[Openid-specs-ab] Key Binding - hash of code

Dick Hardt dick.hardt at gmail.com
Thu Aug 21 15:42:52 UTC 2025


Hey Filip

You suggested we include a hash of the code rather than the code in the
DPoP JWT, similar to `at_hash` -> let's call it `code_hash`

In at_hash, the hash algorithm is based on the hash algorithm used in the
ID Token's JOSE Header. In the code_hash case, the RP does not yet have the
ID Token, so it does not know which hash algorithm to use. Given this, the
code path for generating the `at_hash` is not going to be the same for
`code_hash`. (see snippet from spec below)

While there are some OPs that generate long codes, I think we are adding
another step for implementers to stumble so that we save some bytes
sometimes. Was there another motivation for keeping it short? It is a one
time call in the flow.

/Dick

> at_hash
> OPTIONAL. Access Token hash value. Its value is the base64url encoding of
> the left-most half of the hash of the octets of the ASCII representation of
> the access_token value, where the hash algorithm used is the hash algorithm
> used in the alg Header Parameter of the ID Token's JOSE Header. For
> instance, if the alg is RS256, hash the access_token value with SHA-256,
> then take the left-most 128 bits and base64url-encode them. The at_hash value
> is a case-sensitive string.
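Added example (not from the thread): a Python implementation of the at_hash computation quoted above. The alg-to-hash table is an assumption limited to the HS/RS/ES/PS JWS families, and the function takes the ID Token's alg as an explicit input, which is the value the RP does not yet have when it would compute a code_hash for the DPoP proof.

```python
import base64
import hashlib
import hmac

# JWS alg -> hash function used for at_hash (assumed table, HS/RS/ES/PS only).
ALG_TO_HASH = {
    "HS256": "sha256", "RS256": "sha256", "ES256": "sha256", "PS256": "sha256",
    "HS384": "sha384", "RS384": "sha384", "ES384": "sha384", "PS384": "sha384",
    "HS512": "sha512", "RS512": "sha512", "ES512": "sha512", "PS512": "sha512",
}


def b64url(data: bytes) -> str:
    """base64url without padding, as used throughout JOSE."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def token_hash(value: str, id_token_alg: str) -> str:
    """base64url(left-most half of H(ASCII(value))), H chosen from id_token_alg.

    Raises ValueError when the alg is unknown: the verifier cannot pick a hash
    without knowing the ID Token header, which is the code_hash problem.
    """
    try:
        hash_name = ALG_TO_HASH[id_token_alg]
    except KeyError:
        raise ValueError(f"no at_hash hash defined for alg {id_token_alg!r}")
    digest = hashlib.new(hash_name, value.encode("ascii")).digest()
    return b64url(digest[: len(digest) // 2])


def verify_token_hash(value: str, id_token_alg: str, claimed: str) -> bool:
    """Constant-time check of a received at_hash against the access token."""
    return hmac.compare_digest(token_hash(value, id_token_alg), claimed)


if __name__ == "__main__":
    # Constructed sample token, not a real credential.
    sample = "jHkWEdUXMU1BwAsC4vtUsZwnNvTIxEl0z9K3vx5KF0Y"
    print(token_hash(sample, "RS256"))
```

The same routine can be reused for a hypothetical code_hash, but only once both sides agree on which alg selects the hash, since the RP has no ID Token header to read at that point.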