| 146 | |
| 147 | |
| 148 | class ImplicitIDToken(IDToken): |
| 149 | RESPONSE_TYPES = ("id_token", "id_token token") |
| 150 | ESSENTIAL_CLAIMS = ["iss", "sub", "aud", "exp", "iat", "nonce"] |
| 151 | REGISTERED_CLAIMS = _REGISTERED_CLAIMS |
| 152 | |
| 153 | def validate_at_hash(self): |
| 154 | """If the ID Token is issued from the Authorization Endpoint with an |
| 155 | access_token value, which is the case for the response_type value |
| 156 | id_token token, this is REQUIRED; it MAY NOT be used when no Access |
| 157 | Token is issued, which is the case for the response_type value |
| 158 | id_token. |
| 159 | """ |
| 160 | access_token = self.params.get("access_token") |
| 161 | if access_token and "at_hash" not in self: |
| 162 | raise MissingClaimError("at_hash") |
| 163 | super().validate_at_hash() |
| 164 | |
| 165 | |
| 166 | class HybridIDToken(ImplicitIDToken): |
no outgoing calls
searching dependent graphs…