AuthNContext and AMR, We Remember What MFA You Provided Last Summer!
Jul 14, 2026
Why Authentication Context Matters Most people think logging in is a small act. Type your password, type your code, tap a screen, scan a face, and move on. But to the systems on the other side, the method behind that moment can matter just as much as the fact that it happened at all. That is where two strangely named but surprisingly important identity concepts enter the story: OIDC's AMR and SAML 2.0's AuthnContext. They sound like the kind of acronyms that only standards committees could love, yet both were created to answer a deeply human question in digital form: How sure a system has to be before it trusts someone? The backstory starts with the internet growing up. Early online services often treated authentication as a light switch: either the user was in, or the user was out. But as online systems began handling payroll, health records, taxes, academic data, contracts, and financial approvals, that simple model started to crack. A login backed by a reused password is not ...