Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add c_hash to id_token, issued on /auth endpoint, when in hybrid flow #1773

Merged
merged 1 commit into from
Feb 10, 2021
Merged

Add c_hash to id_token, issued on /auth endpoint, when in hybrid flow #1773

merged 1 commit into from
Feb 10, 2021

Conversation

HEllRZA
Copy link
Contributor

@HEllRZA HEllRZA commented Jul 31, 2020

This PR adds support for c_hash on the id_token.
The c_hash is required in the hybrid flow, and optional otherwise.

According to https://openid.net/specs/openid-connect-core-1_0.html#CodeValidation

If the ID Token is issued from the Authorization Endpoint with a code, which is the case for the response_type values code id_token and code id_token token, this is REQUIRED; otherwise, its inclusion is OPTIONAL.

OpenID Connect Certification
The test (OP-IDToken-c_hash) now succeeds

@HEllRZA
Add c_hash to id_token, issued on /auth endpoint, when in hybrid flow
f6cd778 
* fixed name collision (renamed hash->hashFunc)

Signed-off-by: Bernd Eckstein <Bernd.Eckstein@faro.com>
@HEllRZA HEllRZA mentioned this pull request Jul 31, 2020
Closed
@HEllRZA
Copy link
Contributor Author

HEllRZA commented Aug 6, 2020
edited
Loading

Patiently waiting ...

@sagikazarmark
Copy link
Member

Thanks @HEllRZA

@sagikazarmark sagikazarmark added this to the v2.28.0 milestone Feb 10, 2021
@sagikazarmark sagikazarmark merged commit 5a667bb into dexidp:master Feb 10, 2021
@HEllRZA HEllRZA deleted the faro-upstream/add-c_hash-to-id_token branch February 15, 2021 18:48
xtremerui pushed a commit to concourse/dex that referenced this pull request Mar 16, 2021
upstream dex release: v2.28.0
ef54461 
The official docker release for this release can be pulled from

```
ghcr.io/dexidp/dex:v2.28.0
```

**Features:**

- Add c_hash to id_token, issued on /auth endpoint, when in hybrid flow (dexidp#1773, @HEllRZA)
- Allow configuration of returned auth proxy header (dexidp#1839, @seuf)
- Allow to disable os.ExpandEnv for storage + connector configs by env variable DEX_EXPAND_ENV = false (dexidp#1902, @heidemn-faro)
- Added the possibility to activate lowercase for UPN-Strings (dexidp#1888, @VF-mbrauer)
- Add "Cache-control: no-store" and "Pragma: no-cache" headers to token responses (dexidp#1948, @nabokihms)
- Add gomplate to the docker image (dexidp#1893, @nabokihms)
- Graceful shutdown (dexidp#1963, @nabokihms)
- Allow public clients created with API to have no client_secret (dexidp#1871, @spohner)

**Bugfixes:**

- Fix the etcd PKCE AuthCode deserialization (dexidp#1908, @bnu0)
- Fix garbage collection logging of device codes and device request (dexidp#1918, @nabokihms)
- Discovery endpoint contains updated claims and auth methods (dexidp#1951, @nabokihms)
- Return invalid_grant error if auth code is invalid or expired (dexidp#1952, @nabokihms)
- Return an error to auth requests with the "request" parameter (dexidp#1956, @nabokihms)

**Minor changes:**

- Change default themes to light/dark (dexidp#1858, @nabokihms)
- Various developer experience improvements
- Dependency upgrades
- Tons of small fixes and changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sagikazarmark sagikazarmark sagikazarmark approved these changes

@MontoyaTech MontoyaTech MontoyaTech approved these changes

Assignees
No one assigned
Labels
area/oidc-spec kind/enhancement
Projects
None yet
Milestone
v2.28.0
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@HEllRZA @sagikazarmark @MontoyaTech