search

bshaffer / oauth2-server-php

A library for implementing an OAuth2 Server in php
http://bshaffer.github.io/oauth2-server-php-docs
MIT License
3.26k stars 950 forks source link

Open id c_hash is missing ? #905

Open esynaps opened 6 years ago

esynaps commented 6 years ago

Hi, I saw that the ID Token of Open id contained an at_hash claim for an 'id_token token' response type but the c_hash claim is missing for 'code id_token' response type.

This is required according to the official documentation of Open id. @see http://openid.net/specs/openid-connect-core-1_0.html#CodeValidation Is it an implementation omission?

alexandre-le-borgne commented 6 years ago

@bshaffer Is the project still maintained?