Commit 02f021a
committed
Verify ID token before using as logout hint
Add verifyIdToken() function to validate ID tokens with full OIDC-compliant
checks (signature, issuer, expiration, audience) before passing to IdP.
If verification fails during logout, proceed without the id_token_hint
parameter rather than sending an unverified token.1 parent 0089cbb commit 02f021a
2 files changed
Lines changed: 28 additions & 2 deletions
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
130 | 130 | | |
131 | 131 | | |
132 | 132 | | |
| 133 | + | |
| 134 | + | |
| 135 | + | |
| 136 | + | |
| 137 | + | |
| 138 | + | |
| 139 | + | |
| 140 | + | |
| 141 | + | |
| 142 | + | |
| 143 | + | |
133 | 144 | | |
134 | 145 | | |
135 | 146 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
13 | 13 | | |
14 | 14 | | |
15 | 15 | | |
16 | | - | |
| 16 | + | |
| 17 | + | |
| 18 | + | |
| 19 | + | |
| 20 | + | |
| 21 | + | |
| 22 | + | |
| 23 | + | |
| 24 | + | |
| 25 | + | |
| 26 | + | |
| 27 | + | |
| 28 | + | |
| 29 | + | |
17 | 30 | | |
18 | 31 | | |
19 | 32 | | |
| |||
26 | 39 | | |
27 | 40 | | |
28 | 41 | | |
29 | | - | |
| 42 | + | |
| 43 | + | |
| 44 | + | |
30 | 45 | | |
31 | 46 | | |
32 | 47 | | |
| |||
0 commit comments