I have fixed AbstractCipherExecutor and EncodingUtils to support ECDSA. But now I am facing another problem.
The OAuth2 access token is generated twice, first in OAuth20JwtAccessTokenEncoder and the second time in OidcIdTokenGeneratorService, and the second output is used to calculate at_hash in the OIDC id_token in OidcIdTokenGeneratorService. Now the problem is that for ECDSA, a nonce is required to generate a signature. Therefore, even for identical input, the signature output is different every time. Therefore, to support ECDSA, the access token in OidcIdTokenGeneratorService must NOT be re-generated, but rather taken from the output of OAuth20JwtAccessTokenEncoder, otherwise at_hash would be broken. I really need help now, since the code flow does not seem to support such an operation.
