...
Depending on the configured or requested QoA QoR by the application - or implicitly by the requested Level of Trust - the user has to fulfill no verification (QoA1QoR1), fulfill either the manual identification or video identification method (QoA2QoR2) or the requirements from QoA2 QoR2 and the API verification method (QoA3QoR3).
QoR Claims
In the id_token
you will get a list of QoA’s QoR’s the the user has passed in the fulfilled_qors
claim.
...