Consider adding OIDC event to handle identity token validation for hybrid flow #9154

Open
scottbrady91 opened this Issue Apr 7, 2019 · 2 comments

@scottbrady91
commented Apr 7, 2019

I am trying to handle JWE identity tokens returned from an OpenID Provider. Since OpenIdConnectProtocolValidator is meant for JWS, I must ensure that the token sent for validation is the inner token of the decrypted JWE.

A JWE identity token returned from the authorization endpoint (implicit flow) or token endpoint (authorization code flow) can be handled using the token validated event.

However, when using the hybrid flow and receiving a JWE identity token from both the authorization endpoint and token endpoint (e.g. response type of code id_token), I am not given the opportunity to handle the identity token: https://github.com/aspnet/AspNetCore/blob/v2.2.3/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs#L614.

My current workaround is to override the protocol validator to handle JWS extraction; however, according to this issue, the protocol validator is not the place to do this.

Please consider adding an event that would allow the identity token to be modified in this scenario.
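
The protocol-validator workaround described in the post above, sketched as an added example (not code from the original post or from the ASP.NET Core project). The class name `InnerTokenProtocolValidator` is hypothetical, and the sketch assumes the token handler has already decrypted the JWE and exposes the signed inner JWT through `JwtSecurityToken.InnerToken`:

```csharp
using System;
using System.IdentityModel.Tokens.Jwt;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

// Hypothetical class name. Swaps a decrypted JWE for its inner JWS before the
// base validator runs its JWS-oriented protocol checks.
public class InnerTokenProtocolValidator : OpenIdConnectProtocolValidator
{
    // Identity token received from the authorization endpoint.
    public override void ValidateAuthenticationResponse(
        OpenIdConnectProtocolValidationContext validationContext)
    {
        UseInnerToken(validationContext);
        base.ValidateAuthenticationResponse(validationContext);
    }

    // Identity token received from the token endpoint.
    public override void ValidateTokenResponse(
        OpenIdConnectProtocolValidationContext validationContext)
    {
        UseInnerToken(validationContext);
        base.ValidateTokenResponse(validationContext);
    }

    private static void UseInnerToken(
        OpenIdConnectProtocolValidationContext validationContext)
    {
        if (validationContext == null)
            throw new ArgumentNullException(nameof(validationContext));

        JwtSecurityToken idToken = validationContext.ValidatedIdToken;

        // Assumption: InnerToken is non-null only when the validated token was
        // a JWE wrapping a JWT. A plain JWS identity token is left untouched.
        if (idToken?.InnerToken != null)
            validationContext.ValidatedIdToken = idToken.InnerToken;
    }
}

// Registration (inside the AddOpenIdConnect options callback):
//   options.ProtocolValidator = new InnerTokenProtocolValidator();
```

Replacing `options.ProtocolValidator` discards any settings configured on the previous validator instance, so carry those over to the new one.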

@blowdart

Member

commented Apr 7, 2019

Also #9092

@Eilon Eilon added this to the Backlog milestone Apr 11, 2019

@Eilon

Member

commented Apr 11, 2019

We've moved this issue to the Backlog milestone. This means that it is not going to happen for the coming release. We will re-assess the backlog following the current release and consider this item at that time. However, keep in mind that there are many other high priority features with which it will be competing for resources.
