Service-initiated MFA using OpenID Connect

When using OAuth/OpenID Connect the service will need to send the following parameter as part of the authentication request:

acr_values=urn:mace:feide.no:auth:level:fad08:3

More information on the acr_values parameter can be found here:

https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest

After authentication, the acr field in the generated token should be used to verify the authentication level.