I'm trying to configure an oidc provider that need...
# talk-kratos
a
I'm trying to configure an OIDC provider that needs me to send acr_values. Can Kratos do this? How do I configure it? I'm self-hosting.
m
Hello Bjorn, do you have some documentation for the acr_values on hand maybe? Did you find anything in our docs? I found this on SA
"There are no "official" values for acr_values. They should be communicated via the acr_values_supported parameter of OIDC discovery response. Please see <https://openid.net/specs/openid-connect-discovery-1_0.html> (OpenID Connect Discovery 1.0) for more on this."
https://openid.net/specs/openid-connect-modrna-authentication-1_0.html#acr_values
In general I think this should be doable on the Kratos side - you can use Jsonnet to map values from the OIDC ID token.
a
I don't understand what you mean. acr_values should be sent as a part of the authentication request so I don't see why I would need to do any id token mapping. This is the docs for the provider https://docs.criipto.com/verify/guides/authorize-url-builder/ It seems like it works if I don't provide any acr_values, but then I can't control which login methods are available. So it's not critical now, but it would be great to have later to control which methods are available based on the country you're logging in from.
m
Yea tbh I had not looked at acr_values before. Kratos should support it? https://github.com/ory/kratos/blob/master/spec/api.json#L324 What happens if you send acr_values?
a
I'm confused. What is this documenting? Send acr_values where?
If I add the acr_values as a query param to the url returned by submitSelfServiceLoginFlow it works as I want, but that doesn't seem like the best solution.
m
Apologies Bjorn, I'm a bit out of my depth with the acr_value. Trying to read up on it and see what I can find in the docs. But you are running an OAuth2 / OIDC server and you want that to communicate the acr_value to Kratos, correct?
a
The OAuth2 / OIDC server is external and I want kratos to send the acr_values in the authorization request.
It's very similar to login_hint