# `Attesto.StepUp.Requirement`
[🔗](https://github.com/XukuLLC/attesto/blob/v0.13.0/lib/attesto/step_up.ex#L1)

A normalized RFC 9470 step-up authentication requirement for a protected route.

Two independent dimensions, both optional but at least one required:

  * `:acr_values` - the set of Authentication Context Class References the
    presented token's `acr` claim must be one of (RFC 9470 §3 / OIDC Core
    §2). Empty means "no `acr` constraint".
  * `:max_age` - the maximum age, in seconds, of the end-user authentication
    event: the token's `auth_time` must be no older than `now - max_age`.
    `nil` means "no freshness constraint".

# `t`

```elixir
@type t() :: %Attesto.StepUp.Requirement{
  acr_values: [String.t()],
  max_age: non_neg_integer() | nil
}
```

# `parse`

```elixir
@spec parse(t() | keyword()) :: t()
```

Build and validate a requirement from a `%Requirement{}` or a keyword list
(`acr_values:` and/or `max_age:`).

Fail-closed at configuration time: a malformed `:acr_values` / `:max_age`, or a
requirement that constrains neither dimension, raises `ArgumentError` so a
misconfigured route is caught at boot rather than silently never challenging.

---

*Consult [api-reference.md](api-reference.md) for complete listing*