Thanks to visit codestin.com
Credit goes to github.com

Skip to content

oidc: at_hash / c_hash mismatch #338

New issue
New issue
Closed
Closed
oidc: at_hash / c_hash mismatch#338
Assignees
aeneasr
Labels
upstreamIssue is caused by an upstream dependency.
@janekolszak

Description

@janekolszak
janekolszak
opened on Dec 29, 2016

Hi!
I get a c_hash mismatch when using https://www.npmjs.com/package/openid-client.

Query:

code=ayOThtgZ1P-nwPyCFUKlHxHtXKMoVuUozAbS9U6dUE0.uRBdJFQHGtL0Tcek3Ws1F2h0r1h_wkwFn2KJ07k59AM

id_token=eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJ3dGEtZCIsImF1dGhfdGltZSI6MTQ4Mjk2ODUyMywiY19oYXNoIjoiWlVVM1RVbGlOWGg2VUZST1pVb3lUWEJQT1VZM1FUMDkiLCJleHAiOjEuNDgyOTcyMTIzZSswOSwiaWF0IjoxLjQ4Mjk2ODUyM2UrMDksImlzcyI6Imh0dHBzOi8vb2lkYy53b3JrdGltZWFzc2lzdGFudC5jb20iLCJub25jZSI6IjhmYWU0NDUxLWRmMTItNGZlYy04Y2M0LTFmNWZmZjQzYjI4MyIsInN1YiI6ImIzMjhjNDcyLTRmMTktNDBmNy1hODM5LWRiMGY3ZTkwYmMyMyJ9.joNG_ZKjJh9z2LTSuFtK1cvK8xgnyx9W_nxx-rSxQYmNR6--382qtSbzK0GWF-qltaN_YZaj3hHVEBv5-brsXGaKhXSyN3J4RLG5qtr1ULGKehUDGJPV-n9NS4zL0GuohnVT8hzRnyQ9rAW2OE9upGL3W_6Jhs8WnTq5qd1_wvDDlRj6r08YrTfaL6Za3V_vD9jUvXvWb3GfS6jdLau2Rm0UL1zV126ODjU4AvhM0vKX2nsSlBHIz2Jwoh46GefxoYlIgsAk5oPNJNVcaxuPev8-4tufdhDJ6GwlQfGgXxo4VVBTjZhaedl1kkxYePNAda8ZofUOFh2LpjHwXmQyPYba9Y1ZWUwNsVknn_k7gwBdwQiEXb7AqzitySGbIP9AJms69ofd6bc8czR9WeaaKPP-GeOLb6WmH5wu88Ilrjo4pOcarv48fj1JoBLnE03a-BI6bDYIW2MXrdR3Rg_5_czLecpUSslKAPNpzTsKT2stSTdUKtcf6BOdfZyGUaqSlCrAQKKsLN55_AQ70Ipb1BmzILPgsFX3wdWUIt0rsiWRN-3x3J5o8ZykuRupZTIFsfyFxt3aGb8KpYfU-SsfePK8WcKN0TEo7d2BFFaQg7EjUOicayNJNqy4pjccMqszJc8ifq6qMHkAlY1zfbT4HDT130gn5As_Su0adu6hpGo

state=feb3fa83-7695-4a4d-9cd6-342a7f5a6baf

Decoded id_token:

{
  "alg": "RS256",
  "typ": "JWT"
}
{
  "aud": "wta-d",
  "auth_time": 1482968523,
  "c_hash": "ZUU3TUliNXh6UFROZUoyTXBPOUY3QT09",
  "exp": 1482972123,
  "iat": 1482968523,
  "iss": "https://oidc.worktimeassistant.com",
  "nonce": "8fae4451-df12-4fec-8cc4-1f5fff43b283",
  "sub": "b328c472-4f19-40f7-a839-db0f7e90bc23"
}

c_hash in the id_token seems to be too wrong. sha256sum returns:

echo -n ayOThtgZ1P-nwPyCFUKlHxHtXKMoVuUozAbS9U6dUE0.uRBdJFQHGtL0Tcek3Ws1F2h0r1h_wkwFn2KJ07k59AM | sha256sum

784ecc21be71ccf4cd789d8ca4ef45ec9a7d051b98747b26be93482e8e4eecf7

Metadata

Metadata

Assignees

Labels

upstreamIssue is caused by an upstream dependency.

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions