Token refresh not refreshing acr in access token?

[Lovis Möller]

Hi everyone,

I've implemented step-up authentication with LoA/acr.

It works fine, but when a token is refreshed using a refresh token, the "acr" field in the access token stays the same, even if the configured maxAge for the "Condition - Level Of Authentication" was reached. 

Is there anything I need to do differently, is this intended, or maybe even a bug? 

I'm using keycloak.js for the login and token refresh.

Thanks in advance!