How do I validate an access token using the at_hash claim of an id token?

遇见更好的自我 2021-02-09 19:36

Say I have the following response from Google's OAuth2 /token endpoint after exchanging the code obtained from the /auth endpoint (using this example

5 answers
  •  死守一世寂寞
    2021-02-09 20:03

    C# solution, though I'm not sure if it works in all cases:

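    using System.Linq;
    using System.Security.Cryptography;
    using System.Text;
    
    public static class GoogleAtHash
    {
        static readonly char[] padding = { '=' };
    
        // at_hash = base64url (no padding) of the left half of the hash of the
        // access token's ASCII bytes. SHA-256 is the right hash only when the
        // ID token header's "alg" is a 256-bit algorithm such as RS256.
        private static string CreateGoogleAtHash(string accessToken)
        {
            using (SHA256 sha256Hash = SHA256.Create())
            {
                byte[] bytes = sha256Hash.ComputeHash(Encoding.ASCII.GetBytes(accessToken));
                byte[] firstHalf = bytes.Take(bytes.Length / 2).ToArray();
    
                // Convert standard base64 to base64url: drop '=' and swap '+', '/'.
                return System.Convert.ToBase64String(firstHalf).TrimEnd(padding).Replace('+', '-').Replace('/', '_');
            }
        }
    }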
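The same computation generalized to pick the hash from the ID token's `alg` header and to compare in constant time, as an added example in Python that is not part of the answer above and not Google's code. The function names and the sample token are constructed for illustration, and the check assumes the ID token's signature, `iss`, `aud` and `exp` have already been validated.

```python
import base64
import hashlib
import hmac
import json

# The at_hash digest has the same bit length as the JWS algorithm that signed
# the ID token (RS256 -> SHA-256, ES384 -> SHA-384, PS512 -> SHA-512).
_HASH_BY_BITS = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def compute_at_hash(access_token: str, alg: str) -> str:
    """Left half of hash(ASCII access token), base64url without padding."""
    hash_fn = _HASH_BY_BITS.get(alg[-3:])
    if hash_fn is None or alg[:2] not in ("RS", "ES", "PS", "HS"):
        raise ValueError(f"unsupported ID token alg: {alg!r}")
    digest = hash_fn(access_token.encode("ascii")).digest()
    return _b64url_encode(digest[: len(digest) // 2])


def access_token_matches(id_token: str, access_token: str) -> bool:
    """True when the ID token's at_hash claim matches the access token."""
    header_b64, payload_b64, _signature = id_token.split(".")
    alg = json.loads(_b64url_decode(header_b64))["alg"]
    claimed = json.loads(_b64url_decode(payload_b64)).get("at_hash")
    if not isinstance(claimed, str):
        return False  # claim absent: nothing ties this access token to the ID token
    expected = compute_at_hash(access_token, alg)
    return hmac.compare_digest(expected.encode(), claimed.encode())


def make_sample_id_token(access_token: str, alg: str) -> str:
    """Constructed token for the demo; the signature segment is a dummy."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    claims = {"iss": "https://issuer.example", "at_hash": compute_at_hash(access_token, alg)}
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.c2lnbmF0dXJl"
```

A mismatch means the access token was not the one issued alongside this ID token and should be rejected.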
    
