Merge pull request #185 from rglauco/rglauco-patch-1
chore: expanded at_hash explanation in IT and EN
Giuseppe De Marco authored Jul 6, 2023
2 parents 26f0711 + 9acf1b0 commit a9aebe6
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion docs/en/token_endpoint.rst
Expand Up @@ -290,7 +290,7 @@ The claims available in the *ID Token* are given below.
- Effective authentication level. It MUST be equal or greater than the one requested by the client in the Authentication Request.
- |spid-icon| |cieid-icon|
* - **at_hash**
- See `OpenID.Core#CodeIDToken`_. The client MUST verify that this value matches the *Access Token* returned with the Token ID.
- See `OpenID.Core#CodeIDToken`_. Its value is the base64url encoding of the left-most half of the hash of the octets of the ASCII representation of the *Access Token* value, where the hash algorithm used is the hash algorithm used in the alg Header Parameter of the ID Token's JOSE Header. The client MUST verify this value by applying the same function to the *Access Token* returned with the Token ID.
- |spid-icon| |cieid-icon|
* - **iat**
- UNIX Timestamp with the time of JWT issuance, coded as NumericDate as indicated in :rfc:`7519`.
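Review bot: the closing sentence of the new **at_hash** entry still says the *Access Token* is "returned with the Token ID", while the same line refers to the "ID Token" everywhere else; swap the words so the verification requirement names the right artifact. In the same entry "alg" is plain text, whereas the Italian hunk marks it as **alg**; use the same markup in both files so the header parameter stands out. Because the client MUST recompute this value, consider adding one concrete alg and hash pairing taken from the referenced OpenID.Core#CodeIDToken section, so implementers can check their truncation and encoding against a known case.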
2 changes: 1 addition & 1 deletion docs/it/token_endpoint.rst
Expand Up @@ -284,7 +284,7 @@ Di seguito i claim disponibili nell'ID Token.
- Livello di autenticazione effettivo. DEVE essere uguale o superiore a quello richiesto dal RP nella Authentication Request.
- |spid-icon| |cieid-icon|
* - **at_hash**
- Vedi `OpenID.Core#CodeIDToken`_. Il client DEVE verificare che questo valore corrisponda all'*Access Token* restituito insieme all'ID Token.
- Vedi `OpenID.Core#CodeIDToken`_. Il suo valore è la codifica base64url della prima metà dell'hash calcolato sulla rappresentazione ASCII dell'*Access Token*, usando l'algoritmo di hashing indicato in **alg** nell'header dell'ID Token. Il client DEVE verificare che questo valore corrisponda applicando la medesima funzione all'*Access Token* restituito insieme all'ID Token.
- |spid-icon| |cieid-icon|
* - **iat**
- UNIX Timestamp con l'istante di generazione del JWT, codificato come NumericDate come indicato in :rfc:`7519`
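Review bot: in the added Italian sentence, "DEVE verificare che questo valore corrisponda applicando la medesima funzione" leaves "corrisponda" without an object, so it is unclear what the value must match; something like "corrisponda a quello ottenuto applicando la medesima funzione all'*Access Token*" would state the comparison explicitly. The Italian wording also drops "octets" and "JOSE Header", which the English hunk includes ("sulla rappresentazione ASCII", "nell'header dell'ID Token"); align the two so both languages describe the same computation with the same precision.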