Test 1: add acr_values return validation value (#1285)

* Part 1: add acr_values return validation value

* Update acr return value validation from OIDC specs

* acr validation prompt clarification

src/Core/Models/Data/SsoConfigurationData.cs

@@ -27,6 +27,7 @@ namespace Bit.Core.Models.Data
         public string AdditionalEmailClaimTypes { get; set; }
         public string AdditionalNameClaimTypes { get; set; }
         public string AcrValues { get; set; }
+        public string ExpectedReturnAcrValue { get; set; }
 
         // SAML2 IDP
         public string IdpEntityId { get; set; }

src/Core/Resources/SharedResources.en.resx

@@ -638,10 +638,18 @@
     <value>Requested Authentication Context Class Reference values (acr_values)</value>
     <comment>'acr_values' is an explicit OIDC param, see https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest. It should not be translated.</comment>
   </data>
+  <data name="ExpectedReturnAcrValue" xml:space="preserve">
+    <value>Expected "acr" Claim Value In Response (acr validation)</value>
+    <comment>'acr' is an explicit OIDC claim type, see https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.2 (acr). It should not be translated.</comment>
+  </data>
   <data name="LoggedOutMessage" xml:space="preserve">
     <value>You have been logged out of the Bitwarden Business Portal.</value>
   </data>
   <data name="AccessDeniedError" xml:space="preserve">
     <value>Access Denied to this resource.</value>
   </data>
+  <data name="AcrMissingOrInvalid" xml:space="preserve">
+    <value>Expected authentication context class reference (acr) was not returned with the authentication response or is invalid.</value>
+    <comment>'acr' is an explicit OIDC claim type, see https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.2 (acr). It should not be translated.</comment>
+  </data>
 </root>