fix: use sha512 for Ed25519 and shake256 for Ed448 ID Token _hash claims
panva committed Nov 7, 2019
1 parent f34526c commit fd3c9e9
Showing 2 changed files with 9 additions and 9 deletions.
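--- a/lib/models/id_token.js
+++ b/lib/models/id_token.js
@@ -139,14 +139,6 @@ module.exports = function getIdToken(provider) {
 throw new TypeError('invalid use option');
 }
 
-if (alg && alg !== 'none') {
-hashes.forEach((claim) => {
-if (payload[claim]) {
-payload[claim] = tokenHash(payload[claim], alg);
-}
-});
-}
-
 const signed = await (() => {
 if (!alg) {
 return JSON.stringify(payload);
@@ -164,6 +156,14 @@ module.exports = function getIdToken(provider) {
 
 const key = keystore && keystore.get({ alg, use: 'sig' });
 
+if (alg !== 'none') {
+hashes.forEach((claim) => {
+if (payload[claim]) {
+payload[claim] = tokenHash(payload[claim], alg, key.crv);
+}
+});
+}
+
 return JWT.sign(payload, key, alg, signOptions);
 })();
 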
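Review bot: In the second hunk `key.crv` is read inside the `alg !== 'none'` branch, but `key` comes from `keystore && keystore.get({ alg, use: 'sig' })` two lines earlier and can be undefined when no signing key matches `alg`. The lines between the two hunks are not shown, so the keystore may always yield a key at this point; if it does not, ID Token issuance now fails with a TypeError from the property read before `JWT.sign` is reached. An explicit guard ahead of the loop, for example `if (alg !== 'none' && !key) throw new Error('no signing key for ' + alg);`, would keep that failure descriptive rather than silently falling back to a default hash. A short comment such as `// EdDSA does not name a hash; the curve selects sha512 (Ed25519) or shake256 (Ed448)` would also record why `crv` is passed to `tokenHash`.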
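--- a/package.json
+++ b/package.json
@@ -57,7 +57,7 @@
 "lru-cache": "^5.1.1",
 "nanoid": "^2.1.6",
 "object-hash": "^2.0.0",
-"oidc-token-hash": "^3.0.2",
+"oidc-token-hash": "^4.0.0",
 "raw-body": "^2.4.1"
 },
 "devDependencies": {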
