Overview
Level of Assurance (LoA) indicates the confidence level of an identity verification. Based on the OIDCacr (Authentication Context Class Reference) claim, Hopae returns three fields:
hopae_loa— integer 1–5 level for programmatic checkshopae_loa_label— human-readable label (e.g.,substantial)
LoA levels
Specify LoA in requests
Request a minimum LoA when initiating verification:- OIDC
- REST API
Add See acr_values format for additional options including provider filtering.
acr_values query parameter:Error handling
Provider does not support the requested LoA Returns an error before authentication begins:- OIDC: Error callback redirect
- REST API: HTTP 422
- The user chooses a weaker authentication method than expected
- The provider downgrades the session due to fallback mechanisms
failed, but you can still retrieve user data via the /userinfo endpoint.
This allows you to decide how to handle the situation
Response example
LoA fields are included in both ID Token and UserInfo responses:See also
- OIDC Integration Guide —
acr_valuesparameter usage - REST API: Create Verification —
requestedLoafield

