We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Do you want to request a feature or report a bug?
feature
What is the current behavior?
When request access_token with "grant_type=authorization_code", the id_token of response has not "at_hash" claim.
If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem.
What is the expected behavior?
Append "at_hash" claim to id_token.
I understand the claim is optional, but FAPI(https://openid.net/specs/openid-financial-api-part-2.html#authorization-response-parameter-injection-attack) use it to prevent some attack. Thanks.
Which version of the software is affected?
v1.0.0-bate.9
The text was updated successfully, but these errors were encountered:
Feel free to create a PR for this in fosite.
Sorry, something went wrong.
Thank you for the advice.
No branches or pull requests
Do you want to request a feature or report a bug?
feature
What is the current behavior?
When request access_token with "grant_type=authorization_code", the id_token of response has not "at_hash" claim.
If the current behavior is a bug, please provide the steps to reproduce and if possible a minimal demo of the problem.
What is the expected behavior?
Append "at_hash" claim to id_token.
I understand the claim is optional, but FAPI(https://openid.net/specs/openid-financial-api-part-2.html#authorization-response-parameter-injection-attack) use it to prevent some attack.
Thanks.
Which version of the software is affected?
v1.0.0-bate.9
The text was updated successfully, but these errors were encountered: