if user has activated aal2 and login post request (

/self-service/login?flow={{id}}

) has Header Accept: application/json on response of this request I cannot see that user has activated aal2 only identity is null. How can I found out that user has activated aal2 without run second request, e.g.

/sessions/whoami

?

{
  "session": {
    "id": "3f2a3955-3e37-43ca-97a4-edd44ad52fa5",
    "active": true,
    "expires_at": "2023-03-16T07:34:16.452916981Z",
    "authenticated_at": "2023-03-15T07:34:16.452916981Z",
    "authenticator_assurance_level": "aal1",
    "authentication_methods": [
      {
        "method": "password",
        "aal": "aal1",
        "completed_at": "2023-03-15T07:34:16.452913581Z"
      }
    ],
    "issued_at": "2023-03-15T07:34:16.452916981Z",
    "identity": null,
    "devices": [
      {
        "id": "7deccb96-b9e4-4e75-9042-bac7d208ac29",
        "ip_address": "5.146.248.204",
        "user_agent": "PostmanRuntime/7.31.1",
        "location": ""
      }
    ]
  }
}

here response of

/sessions/whoami

that tells me “id”: “session_aal2_required”,

{
  "error": {
    "id": "session_aal2_required",
    "code": 403,
    "status": "Forbidden",
    "reason": "An active session was found but it does not fulfill the requested Authenticator Assurance Level. Please verify yourself with a second factor to resolve this issue.",
    "details": {
      "redirect_browser_to": "<https://auth-hansetag.westeurope.cloudapp.azure.com/self-service/login/browser?aal=aal2>"
    },
    "message": "Session does not fulfill the requested Authenticator Assurance Level"
  },
  "redirect_browser_to": "<https://auth-hansetag.westeurope.cloudapp.azure.com/self-service/login/browser?aal=aal2>"
}