Skip to content

Commit

Permalink
add optional field at_hash to idToken when using Authorization Code f…
Browse files Browse the repository at this point in the history 
…low since it improves performance and allows to follow the recommandation in RFC for clients to use hash for access_token validation
  • Loading branch information
@yelhouti @mposolda
yelhouti authored and mposolda committed May 27, 2020
1 parent bc901d0 commit 086bdd1
Showing 1 changed file with 4 additions and 4 deletions.
8 changes: 4 additions & 4 deletions services/src/main/java/org/keycloak/protocol/oidc/endpoints/TokenEndpoint.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -414,7 +414,7 @@ public Response codeToToken() {
}

if (TokenUtil.isOIDCRequest(scopeParam)) {
responseBuilder.generateIDToken();
responseBuilder.generateIDToken().generateAccessTokenHash();
}

AccessTokenResponse res = null;
Expand Down Expand Up @@ -614,7 +614,7 @@ public Response resourceOwnerPasswordCredentialsGrant() {

String scopeParam = clientSessionCtx.getClientSession().getNote(OAuth2Constants.SCOPE);
if (TokenUtil.isOIDCRequest(scopeParam)) {
responseBuilder.generateIDToken();
responseBuilder.generateIDToken().generateAccessTokenHash();
}

// TODO : do the same as codeToToken()
Expand Down Expand Up @@ -688,7 +688,7 @@ public Response clientCredentialsGrant() {

String scopeParam = clientSessionCtx.getClientSession().getNote(OAuth2Constants.SCOPE);
if (TokenUtil.isOIDCRequest(scopeParam)) {
responseBuilder.generateIDToken();
responseBuilder.generateIDToken().generateAccessTokenHash();
}

// TODO : do the same as codeToToken()
Expand Down Expand Up @@ -925,7 +925,7 @@ protected Response exchangeClientToClient(UserModel targetUser, UserSessionModel

String scopeParam = clientSessionCtx.getClientSession().getNote(OAuth2Constants.SCOPE);
if (TokenUtil.isOIDCRequest(scopeParam)) {
responseBuilder.generateIDToken();
responseBuilder.generateIDToken().generateAccessTokenHash();
}

AccessTokenResponse res = responseBuilder.build();
Expand Down

0 comments on commit 086bdd1

Please sign in to comment.