[Openid-specs-ab] Issue #1530: Core - c_hash and at_hash parameters (openid/connect)
Francesco Marino
issues-reply at bitbucket.org
Thu Jun 16 07:19:44 UTC 2022
New issue 1530: Core - c_hash and at_hash parameters
https://bitbucket.org/openid/connect/issues/1530/core-c_hash-and-at_hash-parameters
Francesco Marino:
The parameters c_hash and at_hash are considered for the hybrid flow only and not for the auth code flow. I understand the reason for this choice. However, I would suggest adding them as optional for auth code flow as an additional security measure as well (against AT/Code injection).
What are your thoughts on this?
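
Added example, not part of the original post or of the OpenID Connect specification text: a relying-party check that binds an access token and an authorization code to an already signature-verified ID Token through at_hash and c_hash, computed as OpenID Connect Core defines them (base64url of the left-most half of the hash of the ASCII value). The function names, the `require` switch for the "optional" case and all sample values are assumptions made for illustration.

```python
import base64
import hashlib
import hmac

# Hash function follows the ID Token's JOSE "alg" header (e.g. RS256 -> SHA-256).
HASH_BY_ALG_SUFFIX = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}


def left_half_hash(value: str, alg: str) -> str:
    """base64url(left-most half of HASH(ASCII(value))), without padding."""
    hash_fn = HASH_BY_ALG_SUFFIX.get(alg[-3:])
    if hash_fn is None:
        raise ValueError(f"unsupported ID Token alg: {alg!r}")
    digest = hash_fn(value.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest[: len(digest) // 2]).rstrip(b"=").decode("ascii")


def check_binding(claims: dict, alg: str, *, access_token=None, code=None, require=False) -> bool:
    """Return True if every supplied artifact matches its hash claim.

    claims must come from an ID Token whose signature was already verified.
    A missing claim is accepted unless require=True (hypothetical switch for
    treating the claims as optional versus mandatory).
    """
    for claim, artifact in (("at_hash", access_token), ("c_hash", code)):
        if artifact is None:
            continue
        expected = claims.get(claim)
        if expected is None:
            if require:
                return False
            continue
        if not isinstance(expected, str):
            return False
        actual = left_half_hash(artifact, alg)
        # Constant-time comparison on bytes.
        if not hmac.compare_digest(actual.encode(), expected.encode()):
            return False
    return True


# Constructed sample values, not real tokens or codes.
LEGIT_AT, INJECTED_AT = "constructed-access-token-A", "constructed-access-token-B"
LEGIT_CODE, INJECTED_CODE = "constructed-auth-code-1", "constructed-auth-code-2"
CLAIMS = {"sub": "user-123",
          "at_hash": left_half_hash(LEGIT_AT, "RS256"),
          "c_hash": left_half_hash(LEGIT_CODE, "RS256")}

if __name__ == "__main__":
    print(check_binding(CLAIMS, "RS256", access_token=LEGIT_AT, code=LEGIT_CODE))
    print(check_binding(CLAIMS, "RS256", access_token=INJECTED_AT, code=LEGIT_CODE))
```

With the claims absent and `require=False`, the check passes without providing any binding, so a client that wants the protection has to treat a missing claim as a failure.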