-
Eric Chiang authored
The "at_hash" claim, which provides hash verification for the "access_token," is a required claim for implicit and hybrid flow requests. Previously we did not include it (against spec). This PR implements the "at_hash" logic and adds the claim to all responses. As a cleanup, it also moves some JOSE signing logic out of the storage package and into the server package. For details see: https://openid.net/specs/openid-connect-core-1_0.html#ImplicitIDToken
1eda3827
| Name |
Last commit
|
Last update |
|---|---|---|
| .. | ||
| conformance | ||
| kubernetes | ||
| memory | ||
| sql | ||
| doc.go | ||
| static.go | ||
| storage.go |