Hi,

The fixing PR of [3] (Access Token hash value is calculated incorrectly) picks the first 16 bytes as the left-most half of the digest. Just for my curiosity, can we guarantee it is always 16 bytes, or otherwise that the digest is always 32 bytes? Doesn't it vary depending on the algorithm used (alg header)?

byte[] leftmost = new byte[16]; + for (int i = 0; i < 16; i++){ + leftmost[i]=digest[i]; + }

at_hash OPTIONAL. Access Token hash value. Its value is the base64url encoding of the left-most half of the hash of the octets of the ASCII representation of the "access_token" value, where the hash algorithm used is the hash algorithm used in the "alg" parameter of the State Token's JWS [JWS] header. *For instance, if the "alg" is "RS256"*, hash the "access_token" value with SHA-256, then take the left-most 128 bits and base64url encode them. The "at_hash"

[1] https://github.com/wso2/carbon-identity/commit/1756178b9ad62295eb5274a47b06775de13eab95
[2] https://tools.ietf.org/html/draft-bradley-oauth-jwt-encoded-state-01
[3] https://wso2.org/jira/browse/IDENTITY-3385

--
Udara Liyanage
Software Engineer
WSO2, Inc.: http://wso2.com
lean. enterprise. middleware
web: http://udaraliyanage.wordpress.com
phone: +94 71 443 6897
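
Review bot: the hard-coded 16 in `new byte[16]` and in the loop bound `i < 16` equals the left-most half only when the digest is 32 bytes, which is the SHA-256 case the quoted draft uses as its example. Because the draft ties the hash algorithm to the "alg" header, deriving the size from the digest itself (for example `digest.length / 2`) would keep the truncation correct for other algorithms, and a short comment citing the "left-most half" rule would document the intent. The manual copy loop could also be replaced with `Arrays.copyOf`.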
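
The at_hash rule quoted above, worked through for three "alg" values, as an added example that is not part of the original message or of WSO2's code. The class name, the `hashFor` helper and the sample token are assumptions made for illustration, and it uses `java.util.Base64` (Java 8 or later).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;

public class AtHashExample {

    // Hypothetical helper: map a JWS "alg" value to its hash by the trailing
    // bit size (RS256/HS256/ES256/PS256 -> SHA-256, likewise 384 and 512).
    // Anything else ("none", unknown names) is rejected rather than guessed.
    static String hashFor(String alg) {
        if (alg == null || alg.length() != 5) {
            throw new IllegalArgumentException("Unsupported alg: " + alg);
        }
        switch (alg.substring(2)) {
            case "256": return "SHA-256";
            case "384": return "SHA-384";
            case "512": return "SHA-512";
            default: throw new IllegalArgumentException("Unsupported alg: " + alg);
        }
    }

    // base64url (unpadded) of the left-most half of the hash of the ASCII
    // octets of the access token. The half length follows the digest size.
    static String atHash(String accessToken, String alg) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(hashFor(alg));
        byte[] digest = md.digest(accessToken.getBytes(StandardCharsets.US_ASCII));
        byte[] leftmost = Arrays.copyOf(digest, digest.length / 2); // 16, 24 or 32 bytes
        return Base64.getUrlEncoder().withoutPadding().encodeToString(leftmost);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String token = "constructed-sample-access-token"; // constructed sample value
        for (String alg : new String[] {"RS256", "RS384", "RS512"}) {
            String value = atHash(token, alg);
            int halfLen = Base64.getUrlDecoder().decode(value).length;
            System.out.println(alg + ": " + halfLen + " bytes -> " + value);
        }
    }
}
```

A verifier that always compares against a 16-byte prefix would reject valid at_hash values from tokens signed with a 384- or 512-bit algorithm, so the same length rule has to be applied on both the issuing and the validating side.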