From 65a4a29ad338dda8ee9560f89f0db0a60828b4ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Rapha=C3=ABl=20Dubigny?= <rdubigny@gmail.com>
Date: Mon, 17 Jun 2024 17:32:48 +0200
Subject: [PATCH] feat: add force 2FA example

---
 index.js        | 19 ++++++++++++++++++-
 views/index.ejs |  4 ++++
 2 files changed, 22 insertions(+), 1 deletion(-)

diff --git a/index.js b/index.js
index b58f035..f0bec1f 100644
--- a/index.js
+++ b/index.js
@@ -107,13 +107,30 @@ app.post(
 app.post(
   "/force-login",
   getAuthorizationControllerFactory({
-    claims: { id_token: { auth_time: { essential: true } } },
+    claims: {
+      id_token: {
+        amr: { essential: true },
+        auth_time: { essential: true },
+      },
+    },
     prompt: "login",
     // alternatively, you can use the 'max_age: 0'
     // if so, claims parameter is not necessary as auth_time will be returned
   }),
 );
 
+app.post(
+  "/force-2fa",
+  getAuthorizationControllerFactory({
+    claims: {
+      id_token: {
+        amr: { essential: true },
+        acr: { essential: true, value: "https://refeds.org/profile/mfa" },
+      },
+    },
+  }),
+);
+
 app.get(process.env.CALLBACK_URL, async (req, res, next) => {
   try {
     const client = await getMcpClient();
diff --git a/views/index.ejs b/views/index.ejs
index e13a46d..d700b4b 100644
--- a/views/index.ejs
+++ b/views/index.ejs
@@ -92,6 +92,10 @@
         <form action="/force-login" method="post">
             <button id="force-login">Forcer une reconnexion</button>
         </form>
+        <br>
+        <form action="/force-2fa" method="post">
+            <button id="force-login">Forcer une connexion a deux facteurs</button>
+        </form>
     </main>
     <footer>
         <p>Source: <a href="https://github.com/betagouv/moncomptepro-test-client">github.com/betagouv/moncomptepro-test-client</a></p>