From db8a09fe8c267a54fbbfabe0dc871a2108824968 Mon Sep 17 00:00:00 2001
From: Andrew McFadden <andrew.mcfadden@outlook.com>
Date: Wed, 5 Jul 2023 17:18:21 -0500
Subject: [PATCH] feat: add ACR Value option to OIDC Module (#6553)

---------

Co-authored-by: Nicolas Giard <github@ngpixel.com>
---
 server/modules/authentication/oidc/authentication.js | 3 ++-
 server/modules/authentication/oidc/definition.yml    | 5 +++++
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/server/modules/authentication/oidc/authentication.js b/server/modules/authentication/oidc/authentication.js
index f443de05..4c7383e4 100644
--- a/server/modules/authentication/oidc/authentication.js
+++ b/server/modules/authentication/oidc/authentication.js
@@ -20,7 +20,8 @@ module.exports = {
         userInfoURL: conf.userInfoURL,
         callbackURL: conf.callbackURL,
         passReqToCallback: true,
-        skipUserProfile: conf.skipUserProfile
+        skipUserProfile: conf.skipUserProfile,
+        acrValues: conf.acrValues
       }, async (req, iss, uiProfile, idProfile, context, idToken, accessToken, refreshToken, params, cb) => {
         const profile = Object.assign({}, idProfile, uiProfile)
 
diff --git a/server/modules/authentication/oidc/definition.yml b/server/modules/authentication/oidc/definition.yml
index 2062a7ee..774575c1 100644
--- a/server/modules/authentication/oidc/definition.yml
+++ b/server/modules/authentication/oidc/definition.yml
@@ -80,3 +80,8 @@ props:
     title: Logout URL
     hint: (optional) Logout URL on the OAuth2 provider where the user will be redirected to complete the logout process.
     order: 12
+  acrValues:
+    type: String
+    title: ACR Values
+    hint: (optional) Authentication Context Class Reference
+    order: 13