Hi all,

According to a git issue raised here [1], the x5t generated manually and the one we send in the id_token are different.

When I debug the identity-inbound-oauth component, the thumbprint generated manually and the one generated in the id_token are the same.

Thumbprint generated manually : 501fc1432d87155dc431382aeb843ed558ad61b1
Thumbprint generated in id_token : 501fc1432d87155dc431382aeb843ed558ad61b1

But the issue is in base64 encoding. The x5t generated manually after base64 encoding is different from the x5t generated in the id_token.

x5t generated manually : NTAxZmMxNDMyZDg3MTU1ZGM0MzEzODJhZWI4NDNlZDU1OGFkNjFiMQ==
x5t generated in the id_token : NTAxZmMxNDMyZDg3MTU1ZGM0MzEzODJhZWI4NDNlZDU1OGFkNjFiMQ

In identity-inbound-oauth, we use the org.apache.commons.codec.binary.Base64 library for base64 encoding during x5t generation. In the documentation of this library, it is mentioned that *no padding is added when using the URL-safe alphabet* [2]. In the id_token building process, we pass urlSafe = true. So this will remove the trailing "=" during base64 encoding.

So is this a proper way to remove the trailing "=" during base64 encoding in x5t generation?

[1] https://github.com/wso2/product-is/issues/4352
[2] https://commons.apache.org/proper/commons-codec/apidocs/org/apache/commons/codec/binary/Base64.html

Thanks and Regards,
Piraveena

*Piraveena Paralogarajah*
Software Engineer | WSO2 Inc.
*(m)* +94776099594 | *(e)* [email protected]
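
Added example, not part of the original message or of the WSO2 code base: the two x5t values quoted above differ only in padding, so a verifier should compare x5t by decoded bytes rather than as strings. It is written in Python rather than Java so that it runs stand-alone, and the function names are hypothetical. The last function goes one step beyond the question and reports whether a value encodes the raw 20-byte SHA-1 digest, which is what RFC 7515 specifies for x5t (base64url, no padding), or the 40-character hex text of that digest.

```python
import base64

# Values quoted in the message above.
THUMBPRINT_HEX = "501fc1432d87155dc431382aeb843ed558ad61b1"
X5T_MANUAL = "NTAxZmMxNDMyZDg3MTU1ZGM0MzEzODJhZWI4NDNlZDU1OGFkNjFiMQ=="
X5T_ID_TOKEN = "NTAxZmMxNDMyZDg3MTU1ZGM0MzEzODJhZWI4NDNlZDU1OGFkNjFiMQ"


def b64url_encode(data: bytes) -> str:
    """base64url with trailing '=' removed, the form JOSE headers use."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    """Decode base64url whether or not the sender kept the trailing '='."""
    stripped = text.rstrip("=")
    if len(stripped) % 4 == 1:
        raise ValueError("invalid base64url length")
    padded = stripped + "=" * (-len(stripped) % 4)
    # validate=True rejects characters outside the alphabet instead of skipping them.
    return base64.b64decode(padded, altchars=b"-_", validate=True)


def same_x5t(a: str, b: str) -> bool:
    """Compare two x5t values by decoded bytes so padding cannot cause a mismatch."""
    return b64url_decode(a) == b64url_decode(b)


def classify_x5t(x5t: str) -> str:
    """Report what was encoded: the raw SHA-1 digest or its hex text."""
    raw = b64url_decode(x5t)
    if len(raw) == 20:
        return "raw-digest"
    if len(raw) == 40:
        try:
            if len(bytes.fromhex(raw.decode("ascii"))) == 20:
                return "hex-text"
        except ValueError:  # also covers UnicodeDecodeError
            pass
    return "unknown"
```

Both values from the message decode to the ASCII text of the thumbprint, so `classify_x5t` returns `"hex-text"` for them. A verifier that derives x5t from the raw digest bytes gets a 27-character value that will not match either one.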
