Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
Consider adding OIDC event to handle identity token validation for hybrid flow #9154
I am trying to handle JWE identity tokens returned from an OpenID Provider. Since
A JWE identity token returned from the authorization endpoint (implicit flow) or token endpoint (authorization code flow) can be handled using the token validated event.
However, when using the hybrid flow and receiving a JWE identity token from both the authorization endpoint and token endpoint (e.g. response type of
My current workaround is to override the protocol validator to handle JWS extraction, however according to this issue, the protocol validator is not the place to do this.
Please consider adding an event that would allow the identity token to be modified in this scenario.
We've moved this issue is in the Backlog milestone. This means that it is not going to happen for the coming release. We will re-assess the backlog following the current release and consider this item at that time. However, keep in mind that there are many other high priority features with which it will be competing for resources.