| Info |
|---|
OOBA (Out-of-Band Authentication) is performed through a separate channel. DualShield follows RFC 8176 and includes mca in the amr claim of the id_token. However, Entra ID currently accepts only otp, so the following customization is required. Otherwise, it may report the error: Failed to validate external id_token: 'amr' claim has unexpected value. |
...