AMR field contains SWK when using yubikey hardware token

I am testing out okta integration via OIDC and one of the benefits is being able to inspect the way the user was authenticated. The okta docs (Sessions | Okta Developer) say that a yubikey should result in the “amr” field containing the value “hwk”. However, what I am seeing is that the “amr” field contains “swk” for a hardware token (yubikey).

When I try other 2fa options they seem to be correct: okta verify app push notification has “swk”, sms has “sms”, and email has “otp”.

Expected values when using my yubikey:

{
...
"amr": [
    "mfa",
    "hwk",
    "pwd"
  ]
}

Actual value when using my yubikey:

{
...
"amr": [
    "mfa",
    "swk",
    "pwd"
  ]
}

Can you open a support case so a support engineer can review this behavior with you?

Sure. I just opened one.