[openid-connect] Add at_hash claim in JWT token #509

leplatrem · 2017-12-17T00:38:29Z

It is possible to verify a JWT id token at_hash claim using an access token
http://openid.net/specs/openid-connect-core-1_0.html#CodeIDToken

We discovered that python-jose was expecting it when providing both the id and access tokens in decode()
mpdavis/python-jose#30
mpdavis/python-jose#75

Maybe it would be an interesting feature to support. It's not blocking us though ;)

The text was updated successfully, but these errors were encountered:

rfk · 2017-12-20T02:43:43Z

Assigning to myself so I don't lose track of this, because I'm generally in favour of adding more OIDC spec compliance that helps us work with existing libraries. I probably won't prioritize it until sometime next year tho...

rfk self-assigned this Dec 20, 2017

rfk added the waffle:backlog label Dec 20, 2017

rfk added this to the FxA-155: signin papercuts milestone Jun 27, 2018

vbudhram added the P3 label Jul 17, 2018

rfk added waffle:next and removed waffle:backlog labels Aug 21, 2018

vbudhram mentioned this issue Aug 29, 2018

feat(openid): add the openid connect at_hash value #598

Merged

ghost assigned vbudhram Aug 29, 2018

ghost added waffle:active and removed waffle:next labels Aug 29, 2018

vbudhram added waffle:review and removed waffle:active labels Aug 29, 2018

vbudhram closed this as completed in #598 Aug 30, 2018

ghost removed the waffle:review label Aug 30, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[openid-connect] Add at_hash claim in JWT token #509

[openid-connect] Add at_hash claim in JWT token #509

leplatrem commented Dec 17, 2017 •

edited

Loading

rfk commented Dec 20, 2017

[openid-connect] Add at_hash claim in JWT token #509

[openid-connect] Add at_hash claim in JWT token #509

Comments

leplatrem commented Dec 17, 2017 • edited Loading

rfk commented Dec 20, 2017

leplatrem commented Dec 17, 2017 •

edited

Loading