-
Eric Chiang authored
The "at_hash" claim, which provides hash verification for the "access_token," is a required claim for implicit and hybrid flow requests. Previously we did not include it (against spec). This PR implements the "at_hash" logic and adds the claim to all responses. As a cleanup, it also moves some JOSE signing logic out of the storage package and into the server package. For details see: https://openid.net/specs/openid-connect-core-1_0.html#ImplicitIDToken
1eda3827
Name |
Last commit
|
Last update |
---|---|---|
Documentation | ||
api | ||
cmd | ||
connector | ||
examples | ||
scripts | ||
server | ||
storage | ||
vendor | ||
version | ||
web | ||
.gitignore | ||
.travis.yml | ||
DCO | ||
Dockerfile | ||
LICENSE | ||
Makefile | ||
README.md | ||
glide.lock | ||
glide.yaml | ||
glide_test.go |