I'm using oidc-client-js in an Angular application and would like to use the acr_values to pass an IDP value to Identity Server 4. (Identity Server is our primary token service, but we have configured it to use Okta as an external provider for one tenant of the application.)
Setting the value like this in Angular:
this.userManager = new UserManager({
  authority: environment.stsAuthority,
  client_id: window.location.hostname,
  acr_values: 'ipd:oktatest',
  ...
The generated URL contains %26acr_values%3Dipd%253Aoktatest which is what you get if you URL encode idp:oktatest twice.
If I manually change the URL to %26acr_values%3Didp%3Aoktatest it works as expected. (It's hard to pick up on the difference but the % sign in %3A between ipd and okta becomes %25 when it's double encoded.)
Am I doing something wrong? Is this a bug? Is there a better way to specify the value of acr_values in the Angular code?
You can try this workaround by defining the acr_values at the level of signinRedirect:
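Added example, not part of the question or the answer above: in the fragment quoted in the question the `&` and `=` are themselves percent-encoded (%26, %3D), which is how a query string looks when it is carried inside another parameter's value. The sketch below walks nested query strings to find acr_values and counts encoding layers, so you can check whether a %253A is one layer per nesting level or a genuine extra encoding. The sample URL and the ReturnUrl parameter name are constructed assumptions.

```javascript
// Constructed sample: an authorize request carried inside an outer
// "ReturnUrl" parameter (assumed name), hosts are placeholders.
const SAMPLE_LOGIN_URL =
  'https://sts.example.test/Account/Login?ReturnUrl=' +
  '%2Fconnect%2Fauthorize%2Fcallback%3Fclient_id%3Dapp.example.test' +
  '%26acr_values%3Didp%253Aoktatest';

// Find `name` in a URL's query, descending into any parameter whose decoded
// value itself contains a query string. Returns the decoded value and the
// nesting depth at which it was found (1 = top-level query string).
function findParam(url, name, depth = 1, maxDepth = 5) {
  // The base is only used when `url` is relative (a nested return path).
  const parsed = new URL(url, 'https://placeholder.invalid');
  for (const [key, value] of parsed.searchParams) {
    // searchParams has already removed exactly one layer of encoding.
    if (key === name) return { value, depth };
  }
  if (depth >= maxDepth) return null;
  for (const [, value] of parsed.searchParams) {
    if (value.includes('?')) {
      const hit = findParam(value, name, depth + 1, maxDepth);
      if (hit) return hit;
    }
  }
  return null;
}

// How many percent-decoding passes turn `raw` into `expected`
// (-1 if it never matches or the text is not valid percent-encoding).
function encodingLayers(raw, expected, maxLayers = 5) {
  let current = raw;
  for (let n = 0; n <= maxLayers; n++) {
    if (current === expected) return n;
    try { current = decodeURIComponent(current); } catch { return -1; }
  }
  return -1;
}

// Encoding is consistent when the layers on the raw text equal the depth
// at which the parameter sits; more layers than depth means a real
// double-encoding somewhere in the chain.
function isConsistent(url, name, rawValue, expected) {
  const hit = findParam(url, name);
  return hit !== null && hit.value === expected &&
         encodingLayers(rawValue, expected) === hit.depth;
}
```

On the constructed sample, acr_values is found at depth 2 with the value idp:oktatest, and the raw text idp%253Aoktatest carries two layers, one per nesting level.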