From cbe777416fe27fe17c72ff211f64bb3d24cb8c94 Mon Sep 17 00:00:00 2001
From: Andrei Stepanov <astepano@redhat.com>
Date: Jun 18 2020 11:58:24 +0000
Subject: Serialize amr claim in token only once


amr claim must be JSON array of strings that are identifiers for authentication
methods used in the authentication.

Signed-off-by: Andrei Stepanov <astepano@redhat.com>

---

diff --git a/ipsilon/providers/openidc/auth.py b/ipsilon/providers/openidc/auth.py
index 265890f..ada49ec 100644
--- a/ipsilon/providers/openidc/auth.py
+++ b/ipsilon/providers/openidc/auth.py
@@ -503,7 +503,7 @@ class Continue(AuthenticateRequest):
             if 'nonce' in request:
                 id_token['nonce'] = request['nonce']
             id_token['acr'] = '0'
-            id_token['amr'] = json.dumps([])
+            id_token['amr'] = []
             id_token['azp'] = request['client_id']
 
             if 'code' in response: