Thanks Udara for reporting this. Fixed it with PRs [1] and [2].

[1] https://github.com/wso2/carbon-identity/pull/814
[2] https://github.com/wso2/carbon-identity/pull/815

On Tue, Aug 11, 2015 at 2:55 PM, Udara Liyanage <[email protected]> wrote:

> Hi,
>
> The fixing PR of [3] (Access Token hash value is calculated incorrectly)
> picks the first 16 bytes as the left most half of the digest. Just for my
> curiosity, can we guarantee it is always
> 16 bytes, or otherwise digest is always 32 bytes. Doesn't it vary
> depending on the algorithm used (alg header).
>
> byte[] leftmost = new byte[16];
> + for (int i = 0; i < 16; i++){
> + leftmost[i]=digest[i];
> + }
>
>
> at_hash
> OPTIONAL. Access Token hash value. Its value is the base64url
> encoding of the left-most half of the hash of the octets of the
> ASCII representation of the "access_token" value, where the hash
> algorithm used is the hash algorithm used in the "alg" parameter
> of the State Token's JWS [JWS] header. * For instance, if the "alg"*
> * is "RS256"*, hash the "access_token" value with SHA-256, then take
> the left-most 128 bits and base64url encode them. The "at_hash"
>
>
> [1] https://github.com/wso2/carbon-identity/commit/1756178b9ad62295eb5274a47b06775de13eab95
> [2] https://tools.ietf.org/html/draft-bradley-oauth-jwt-encoded-state-01
> [3] https://wso2.org/jira/browse/IDENTITY-3385
> --
>
> Udara Liyanage
> Software Engineer
> WSO2, Inc.: http://wso2.com
> lean. enterprise. middleware
>
> web: http://udaraliyanage.wordpress.com
> phone: +94 71 443 6897
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>

--
Thanks & Regards,

*Johann Dilantha Nallathamby*
Technical Lead & Product Lead of WSO2 Identity Server
Integration Technologies Team
WSO2, Inc.
lean.enterprise.middleware

Mobile - +94777776950
Blog - http://nallaa.wordpress.com
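
Review bot: the fixed length 16 in `new byte[16]` and in the loop bound `i < 16` is the left-most half only when the digest is 32 bytes long, which holds for SHA-256 (the RS256 case in the quoted at_hash text). That text ties the hash to the JWS "alg" value, so with a SHA-384 or SHA-512 digest (48 or 64 bytes) the left-most half is 24 or 32 bytes and this loop would emit a truncated value that a validating client rejects. Suggest deriving the length from the digest itself, for example `byte[] leftmost = Arrays.copyOf(digest, digest.length / 2);`, and noting in a comment which "alg" values the code path supports.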
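
The at_hash rule quoted in the thread above, as an added Java example that is not code from carbon-identity or from the linked PRs: it selects the digest from the JWS "alg" value and takes half of whatever length that digest has, instead of a fixed 16 bytes. The class name, method names and sample token are constructed for illustration, and the alg-to-digest mapping is assumed to cover only the RS/ES/PS/HS 256/384/512 family (Java 8 or later for `java.util.Base64`).

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.Base64;

// Hypothetical helper class, written for this example only.
public class AtHashExample {

    // Map a JWS "alg" value to a JCA digest name. Anything outside the
    // RS/ES/PS/HS 256/384/512 family (including "none") is rejected rather
    // than silently hashed with a default.
    static String digestFor(String jwsAlg) {
        if (jwsAlg == null || !jwsAlg.matches("(RS|ES|PS|HS)(256|384|512)")) {
            throw new IllegalArgumentException("No at_hash digest for alg: " + jwsAlg);
        }
        return "SHA-" + jwsAlg.substring(2);
    }

    // at_hash = base64url( left-most half of HASH( ASCII(access_token) ) ), unpadded.
    static String atHash(String accessToken, String jwsAlg) throws NoSuchAlgorithmException {
        MessageDigest md = MessageDigest.getInstance(digestFor(jwsAlg));
        byte[] digest = md.digest(accessToken.getBytes(StandardCharsets.US_ASCII));
        // Half of the actual digest length: 16, 24 or 32 bytes depending on alg.
        byte[] leftHalf = Arrays.copyOf(digest, digest.length / 2);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(leftHalf);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        String token = "constructed-sample-access-token"; // constructed sample value
        for (String alg : new String[] {"RS256", "RS384", "RS512"}) {
            String hash = atHash(token, alg);
            int bytes = Base64.getUrlDecoder().decode(hash).length;
            System.out.println(alg + " at_hash=" + hash + " (" + bytes + " bytes)");
        }
    }
}
```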
