Request acr_values for authorization flow (#73)

Co-authored-by: Mateusz Bilski <[email protected]>

cmd/log.go

@@ -92,6 +92,7 @@ func LogInputData(cc oauth2.ClientConfig) {
 		{"Grant type", cc.GrantType},
 		{"Auth method", cc.AuthMethod},
 		{"Scopes", strings.Join(cc.Scopes, ", ")},
+		{"ACR Values", strings.Join(cc.ACRValues, ", ")},
 		{"Audience", strings.Join(cc.Audience, ", ")},
 		{"Response types", strings.Join(cc.ResponseType, ", ")},
 		{"Response mode", cc.ResponseMode},

cmd/oauth2.go

@@ -77,6 +77,7 @@ func NewOAuth2Cmd() (cmd *OAuth2Cmd) {
 	cmd.PersistentFlags().BoolVar(&cconfig.DPoP, "dpop", false, "use DPoP")
 	cmd.PersistentFlags().StringVar(&cconfig.Claims, "claims", "", "use claims")
 	cmd.PersistentFlags().StringVar(&cconfig.RAR, "rar", "", "use rich authorization request (RAR)")
+	cmd.PersistentFlags().StringSliceVar(&cconfig.ACRValues, "acr-values", []string{}, "ACR values")
 
 	return cmd
 }

internal/oauth2/oauth2.go

@@ -60,6 +60,7 @@ type ClientConfig struct {
 	ClientID               string
 	ClientSecret           string
 	Scopes                 []string
+	ACRValues              []string
 	Audience               []string
 	AuthMethod             string
 	PKCE                   bool

internal/oauth2/request.go

@@ -49,6 +49,10 @@ func (r *Request) AuthorizeRequest(
 		r.Form.Set("scope", strings.Join(cconfig.Scopes, " "))
 	}
 
+	if len(cconfig.ACRValues) > 0 {
+		r.Form.Set("acr_values", strings.Join(cconfig.ACRValues, " "))
+	}
+
 	if len(cconfig.Audience) > 0 {
 		r.Form.Set("audience", strings.Join(cconfig.Audience, " "))
 	}
@@ -121,6 +125,10 @@ func (r *Request) AuthorizeRequest(
 			r.Form.Set("scope", strings.Join(cconfig.Scopes, " "))
 		}
 
+		if len(cconfig.ACRValues) > 0 {
+			r.Form.Set("acr_values", strings.Join(cconfig.ACRValues, " "))
+		}
+
 		if len(cconfig.Audience) > 0 {
 			r.Form.Set("audience", strings.Join(cconfig.Audience, " "))
 		}