1eda382789
The "at_hash" claim, which provides hash verification for the "access_token," is a required claim for implicit and hybrid flow requests. Previously we did not include it (against spec). This PR implements the "at_hash" logic and adds the claim to all responses. As a cleanup, it also moves some JOSE signing logic out of the storage package and into the server package. For details see: https://openid.net/specs/openid-connect-core-1_0.html#ImplicitIDToken

- internal
- api.go
- api_test.go
- doc.go
- handlers.go
- handlers_test.go
- oauth2.go
- oauth2_test.go
- rotation.go
- rotation_test.go
- server.go
- server_test.go
- templates.go
- templates_test.go