Authorization Code Validation (OpenID Connect 1.0)

  • Question

  • User-345719443 posted

    I try to follow the following steps to validate an Authorization CODE:

    To validate an Authorization Code issued from the Authorization Endpoint with an ID Token, the Client SHOULD do the following:

    1-) Hash the octets of the ASCII representation of the code with the hash algorithm specified in JWA [JWA] for the alg Header Parameter of the ID Token's JOSE Header. For instance, if the alg is RS256, the hash algorithm used is SHA-256.

    2-) Take the left-most half of the hash and base64url encode it.

    3-) The value of c_hash in the ID Token MUST match the value produced in the previous step if c_hash is present in the ID Token.

    I have this CODE when I request an Authorization endpoint the first time to try to authenticate a user from a WebForms Client:

    code=0655d48df75629d9fdbd5a060141bf66ca04418a0e762a6a5e6382c2748753af

    I have this C_HASH too that I can get from the id_token:

    "c_hash": "QadHSCSim4aHM8q1F1F6Bg"

    I'm trying to validate the CODE by doing the following:

    Private Shared Function IsValidAuthorizationCode(authorizationCode As String, stringIdTokenPayload As String) As Boolean
        Dim serializer As New JavaScriptSerializer()
        Dim BytesPayload As Byte() = Decode(stringIdTokenPayload)
        Dim stringPayload As String = System.Text.ASCIIEncoding.ASCII.GetString(BytesPayload)
        Dim deserialized_payload = serializer.Deserialize(Of Dictionary(Of String, Object))(stringPayload)
        Dim c_hash = deserialized_payload.Item("c_hash").ToString()
    
        Dim mySHA256 = SHA256Managed.Create()
        Dim authorizationCodeOCTETS = Decode(authorizationCode)
        Dim elemntsToIterate = mySHA256.ComputeHash(authorizationCodeOCTETS)
        Dim length = elemntsToIterate.Length
        Dim hashedCode(length/2 - 1) As Byte
    
        Dim count = -1
        For Each element As Byte in elemntsToIterate
            count += 1
            If count > 15 Then
                hashedCode(count - 16) = element
            End If
        Next
    
        Dim hashedCodeLikeString = Convert.ToBase64String(hashedCode)
        If hashedCodeLikeString.Length <> hashedCode.Length Then
            Return False
        End If
        Dim result As Boolean = True
        For value As Integer = 0 To hashedCodeLikeString.Length
            If (hashedCodeLikeString(value) <> hashedCode(value)) Then
                result = False
                Exit For
            End If
        Next
        Return result
    End Function

    But I don't get the expected result. I need to get a TRUE value but I get a FALSE. I think that I am doing something wrong but I don't see what it is. Any help, please?

    Thank you very much in advance.

    Wednesday, July 11, 2018 1:30 PM

Answers

  • User-345719443 posted

    I already got a solution. I had to change the way I was decoding. Thank you!

    • Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
    Thursday, July 12, 2018 4:42 PM
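
The three validation steps quoted in the question, written out in VB.NET as an added example (not code from this thread, and not necessarily the change the poster made). The module and function names, the mapping from the alg suffix to a hash, the choice to reject a missing c_hash, and the sample code/c_hash pair are assumptions made for illustration; the ID Token signature is assumed to have been verified before this check runs.

```vbnet
Imports System
Imports System.Security.Cryptography
Imports System.Text

Module CHashExample
    ' Hypothetical helper: choose the hash from the last three characters of the
    ' JWS alg value (RS256 -> SHA-256, ES384 -> SHA-384, PS512 -> SHA-512).
    Private Function CreateHashForAlg(alg As String) As HashAlgorithm
        If alg Is Nothing OrElse alg.Length < 3 Then Throw New NotSupportedException("Missing or unsupported alg")
        Select Case alg.Substring(alg.Length - 3)
            Case "256" : Return SHA256.Create()
            Case "384" : Return SHA384.Create()
            Case "512" : Return SHA512.Create()
            Case Else : Throw New NotSupportedException("Unsupported alg: " & alg)
        End Select
    End Function

    ' Steps 1 and 2: hash the ASCII octets of the code, keep the left-most half
    ' of the digest, then base64url-encode it (URL-safe alphabet, no "=" padding).
    ' Standard Base64 output differs in both respects, so it cannot be compared as is.
    Public Function ComputeCHash(authorizationCode As String, alg As String) As String
        Using hasher As HashAlgorithm = CreateHashForAlg(alg)
            ' The code is hashed as text; it is not hex- or base64-decoded first.
            Dim digest As Byte() = hasher.ComputeHash(Encoding.ASCII.GetBytes(authorizationCode))
            Dim leftHalf(digest.Length \ 2 - 1) As Byte
            Array.Copy(digest, leftHalf, leftHalf.Length)
            Return Convert.ToBase64String(leftHalf).TrimEnd("="c).Replace("+"c, "-"c).Replace("/"c, "_"c)
        End Using
    End Function

    ' Step 3: compare the computed value with the c_hash claim from the ID Token.
    ' Assumption: this helper is used where the code arrives together with an
    ' ID Token, so an absent c_hash is treated as a failure rather than skipped.
    Public Function IsValidAuthorizationCode(authorizationCode As String, cHashClaim As String, alg As String) As Boolean
        If String.IsNullOrEmpty(authorizationCode) OrElse String.IsNullOrEmpty(cHashClaim) Then Return False
        Return String.Equals(ComputeCHash(authorizationCode, alg), cHashClaim, StringComparison.Ordinal)
    End Function

    Sub Main()
        ' Constructed sample: "abc" stands in for an authorization code. The c_hash
        ' is the first 16 bytes of SHA-256("abc"), base64url-encoded without padding.
        Const sampleCode As String = "abc"
        Const sampleCHash As String = "ungWv48Bz-pBQUDeXa4iIw"
        Console.WriteLine(ComputeCHash(sampleCode, "RS256"))
        Console.WriteLine(IsValidAuthorizationCode(sampleCode, sampleCHash, "RS256"))
        Console.WriteLine(IsValidAuthorizationCode(sampleCode & "x", sampleCHash, "RS256"))
    End Sub
End Module
```

The alg value passed in should come from the JOSE header of the same ID Token that carries the c_hash claim.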

All replies

  • User1724605321 posted

    Hi gmirandapareja,

    Please debug your code and trace the variables line by line. Confirm the values and find out which step causes the problem.

    Best Regards,

    Nan Yu

    Thursday, July 12, 2018 8:00 AM