-
Eric Chiang authored
The "at_hash" claim, which provides hash verification for the "access_token," is a required claim for implicit and hybrid flow requests. Previously we did not include it (against spec). This PR implements the "at_hash" logic and adds the claim to all responses. As a cleanup, it also moves some JOSE signing logic out of the storage package and into the server package. For details see: https://openid.net/specs/openid-connect-core-1_0.html#ImplicitIDToken
1eda3827
| Name |
Last commit
|
Last update |
|---|---|---|
| .. | ||
| internal | ||
| api.go | ||
| api_test.go | ||
| doc.go | ||
| handlers.go | ||
| handlers_test.go | ||
| oauth2.go | ||
| oauth2_test.go | ||
| rotation.go | ||
| rotation_test.go | ||
| server.go | ||
| server_test.go | ||
| templates.go | ||
| templates_test.go |