Hi,

The fixing PR of [3] (Access Token hash value is calculated incorrectly)
picks the first 16 bytes as the left-most half of the digest. Just for my
curiosity, can we guarantee it is always
16 bytes, or otherwise that the digest is always 32 bytes? Doesn't it vary
depending on the algorithm used (alg header)?

byte[] leftmost = new byte[16];
+        for (int i = 0; i < 16; i++){
+            leftmost[i]=digest[i];
+        }
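Review bot: the hardcoded `new byte[16]` and `i < 16` in this hunk are only correct when the JWS `alg` uses a 256-bit hash (RS256/ES256/PS256/HS256, 32-byte digest). For a 384- or 512-bit `alg` the digest is 48 or 64 bytes and the left-most half is 24 or 32 bytes, so the copy truncates it. Derive the length from the digest instead, e.g. `byte[] leftmost = Arrays.copyOf(digest, digest.length / 2);`, which also removes the manual copy loop.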


at_hash
      OPTIONAL.  Access Token hash value.  Its value is the base64url
      encoding of the left-most half of the hash of the octets of the
      ASCII representation of the "access_token" value, where the hash
      algorithm used is the hash algorithm used in the "alg" parameter
      of the State Token's JWS [JWS] header.  For instance, if the "alg"
      is "RS256", hash the "access_token" value with SHA-256, then take
      the left-most 128 bits and base64url encode them.  The "at_hash"


[1]
https://github.com/wso2/carbon-identity/commit/1756178b9ad62295eb5274a47b06775de13eab95
[2] https://tools.ietf.org/html/draft-bradley-oauth-jwt-encoded-state-01
[3] https://wso2.org/jira/browse/IDENTITY-3385
-- 

Udara Liyanage
Software Engineer
WSO2, Inc.: http://wso2.com
lean. enterprise. middleware

web: http://udaraliyanage.wordpress.com
phone: +94 71 443 6897
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
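The at_hash computation described in the quoted draft text, as an added example that is not part of the WSO2 patch or the draft itself. It picks the hash function from the JWS "alg" header rather than assuming SHA-256, so the left-most half is 16, 24 or 32 bytes depending on the algorithm. The function names (hash_for_alg, at_hash, left_half_len) and the sample token "abc" are this example's own choices, not identifiers from the project.

```python
"""Compute the OAuth/OIDC at_hash claim with the digest chosen from the JWS alg.

Added illustration; hypothetical helper names, not WSO2 project code.
"""
import base64
import hashlib

# JWS signing algorithms (RFC 7518 names) end in the bit length of their hash:
# HS256/RS256/ES256/PS256 -> SHA-256, ...384 -> SHA-384, ...512 -> SHA-512.
_HASH_BY_BITS = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}


def hash_for_alg(alg: str):
    """Return the hashlib constructor matching a JWS alg such as RS256 or ES384.

    Raises ValueError for algorithms with no hash defined (e.g. "none"),
    because at_hash cannot be computed for them.
    """
    family, bits = alg[:2], alg[2:]
    if family in ("HS", "RS", "ES", "PS") and bits in _HASH_BY_BITS:
        return _HASH_BY_BITS[bits]
    raise ValueError(f"no hash algorithm defined for alg {alg!r}")


def left_half_len(alg: str) -> int:
    """Number of bytes in the left-most half of the digest for this alg."""
    return hash_for_alg(alg)().digest_size // 2


def at_hash(alg: str, access_token: str) -> str:
    """Base64url (no padding) of the left-most half of hash(ASCII(access_token))."""
    octets = access_token.encode("ascii")          # ASCII representation, per spec
    digest = hash_for_alg(alg)(octets).digest()
    left_half = digest[: len(digest) // 2]          # half of the digest, not fixed 16
    return base64.urlsafe_b64encode(left_half).rstrip(b"=").decode("ascii")


if __name__ == "__main__":
    token = "abc"  # constructed sample token for the demo
    for alg in ("RS256", "RS384", "RS512"):
        print(alg, left_half_len(alg), "bytes ->", at_hash(alg, token))
```

With a fixed 16-byte copy, RS384 and RS512 would silently produce a 16-byte at_hash that no conforming verifier would accept; deriving the length from the digest makes the code follow the alg header as the draft requires.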