server: add at_hash claim support
The "at_hash" claim, which provides hash verification for the "access_token," is a required claim for implicit and hybrid flow requests. Previously we did not include it (against spec). This PR implements the "at_hash" logic and adds the claim to all responses. As a cleanup, it also moves some JOSE signing logic out of the storage package and into the server package. For details see: https://openid.net/specs/openid-connect-core-1_0.html#ImplicitIDToken
Showing
- server/handlers.go: 12 additions, 8 deletions
- server/oauth2.go: 128 additions, 7 deletions
- server/oauth2_test.go: 19 additions, 0 deletions
- server/server_test.go: 33 additions, 0 deletions
- storage/storage.go: 0 additions, 39 deletions
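
How an "at_hash" value is derived and checked under the OpenID Connect Core section linked in the commit message, as an added example that is not code from this commit or the project. The function names and the sample token are assumptions made for illustration; the hash is chosen from the ID token's JOSE "alg" header, and only the left-most half of the digest is encoded.

```go
package main

import (
	"crypto/sha256"
	"crypto/sha512"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
	"hash"
)

// hashForAlg maps the ID token's JOSE "alg" to the hash the spec pairs with it.
func hashForAlg(alg string) (hash.Hash, error) {
	switch alg {
	case "RS256", "ES256", "PS256", "HS256":
		return sha256.New(), nil
	case "RS384", "ES384", "PS384", "HS384":
		return sha512.New384(), nil
	case "RS512", "ES512", "PS512", "HS512":
		return sha512.New(), nil
	}
	return nil, fmt.Errorf("unsupported signing algorithm %q", alg)
}

// AccessTokenHash (hypothetical name) returns base64url, without padding, of the
// left-most half of the hash of the access token's ASCII bytes.
func AccessTokenHash(alg, accessToken string) (string, error) {
	h, err := hashForAlg(alg)
	if err != nil {
		return "", err
	}
	h.Write([]byte(accessToken))
	sum := h.Sum(nil)
	return base64.RawURLEncoding.EncodeToString(sum[:len(sum)/2]), nil
}

// VerifyAccessToken is the client-side check: recompute and compare in constant time.
func VerifyAccessToken(alg, accessToken, atHashClaim string) bool {
	want, err := AccessTokenHash(alg, accessToken)
	if err != nil {
		return false // unknown alg: fail closed
	}
	return subtle.ConstantTimeCompare([]byte(want), []byte(atHashClaim)) == 1
}

func main() {
	token := "constructed-sample-access-token" // constructed value, not from the commit
	claim, _ := AccessTokenHash("RS256", token)
	fmt.Println(claim, VerifyAccessToken("RS256", token, claim), VerifyAccessToken("RS256", "other-token", claim))
}
```

A client that receives an ID token and an access token together from the authorization endpoint runs the verification step before using the access token, so a token substituted in the front channel fails the comparison.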