Open
Description
oidcc version
3.6.0
Erlang version
28
Elixir version
Summary
https://github.com/erlef/oidcc/blob/main/src/oidcc_token.erl#L822-L838
The function uses a fixed SHA256 hash and length of 16 bytes, even when the ID token signing algorithm is RS384.
From OpenID Connect Core 1.0, Section 3.1.3.6:
at_hash
OPTIONAL. Access Token hash value. Its value is the base64url encoding of the left-most half of the hash of the octets of the ASCII representation of the access_token value, where the hash algorithm used is the hash algorithm used in the alg Header Parameter of the ID Token's JOSE Header. For instance, if the alg is RS256, hash the access_token value with SHA-256, then take the left-most 128 bits and base64url-encode them. The at_hash value is a case-sensitive string.
As a result, access token hash validation fails when the ID token signing algorithm uses a hash other than SHA-256.
Current behavior
Access token hash validation fails when the ID token signing algorithm used is RS384.
Failed with Keycloak (when RS384 signing algorithm was specified).
Switching the signing algorithm to RS256 resolved the issue.
How to reproduce
Specify RS384 as the signing algorithm with Keycloak.
Expected behavior
Access token hash validation should work with signing algorithms that use a SHA-384 or SHA-512 hash.
elepedus
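As an added example (not part of this issue and not the oidcc project's own code), the following Python computes `at_hash` the way Section 3.1.3.6 describes, deriving the digest from the ID Token's `alg` header and keeping the left-most half, and places it beside a fixed SHA-256/16-byte computation like the one the issue reports. The access token value is a constructed string, not a real Keycloak token, and the `alg` names are the standard JWS values from RFC 7518; the function names are this example's own.

```python
import base64
import hashlib
import hmac
import re

# Constructed sample access token (an opaque string, not a real token).
SAMPLE_TOKEN = "SlAV32hkKG.example-access-token.9e8f7a6b"

# JWS alg values from RFC 7518 whose digest size is part of the name.
# Only the digest size matters for at_hash; the signature family
# (HS/RS/PS/ES) does not.
_ALG_RE = re.compile(r"^(?:HS|RS|PS|ES)(256|384|512)$")
_DIGESTS = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}


def hash_for_alg(alg: str):
    """Return the hashlib constructor implied by the ID Token's alg header."""
    m = _ALG_RE.match(alg)
    if m is None:
        # e.g. EdDSA or "none": the spec defines no at_hash digest for these.
        raise ValueError(f"no at_hash digest defined for alg {alg!r}")
    return _DIGESTS[m.group(1)]


def _b64url_nopad(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def compute_at_hash(access_token: str, alg: str) -> str:
    """at_hash per OpenID Connect Core 1.0 Section 3.1.3.6.

    Hash the ASCII octets of the access token with the digest named by alg,
    keep the left-most half (16, 24 or 32 bytes), base64url-encode without
    padding.  c_hash over the authorization code is built the same way.
    """
    digest = hash_for_alg(alg)(access_token.encode("ascii")).digest()
    return _b64url_nopad(digest[: len(digest) // 2])


def fixed_sha256_at_hash(access_token: str) -> str:
    """The behaviour the issue describes: SHA-256 and 16 bytes regardless of alg.

    Correct only when alg is one of the *256 algorithms.
    """
    digest = hashlib.sha256(access_token.encode("ascii")).digest()
    return _b64url_nopad(digest[:16])


def verify_at_hash(access_token: str, alg: str, claimed_at_hash: str) -> bool:
    """Client-side check of the at_hash claim carried in a verified ID Token.

    Uses a constant-time comparison so the check does not leak how many
    leading characters of the claim matched.
    """
    expected = compute_at_hash(access_token, alg)
    return hmac.compare_digest(expected.encode("ascii"), claimed_at_hash.encode("ascii"))


def compare_against_fixed_sha256(access_token: str) -> dict:
    """For each alg, does a fixed SHA-256/16-byte client accept the provider's at_hash?

    The provider is assumed to follow the spec (compute_at_hash); the client
    is the fixed-digest implementation.  Returns {alg: accepted}.
    """
    client_value = fixed_sha256_at_hash(access_token)
    return {
        alg: hmac.compare_digest(compute_at_hash(access_token, alg), client_value)
        for alg in ("RS256", "ES256", "RS384", "RS512", "PS512")
    }


if __name__ == "__main__":
    for alg in ("RS256", "RS384", "RS512"):
        print(alg, compute_at_hash(SAMPLE_TOKEN, alg))
    print(compare_against_fixed_sha256(SAMPLE_TOKEN))
```

The resulting claim lengths are a quick sanity check: 16 bytes encode to 22 characters, 24 bytes to 32, and 32 bytes to 43, so an `at_hash` of 32 or 43 characters alongside a 22-character expectation is the symptom described above, not a corrupted token. Note that `hash_for_alg` must be fed the `alg` of the ID Token's JOSE header after signature verification, never an `alg` the client guessed from configuration.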