bug regarding at_hash

manfredsteyer · manfredsteyer · commit 8c1bc9b612be · 2016-06-03T20:16:10.000+02:00
diff --git a/oauth-service.js b/oauth-service.js
@@ -145,7 +145,7 @@ var OAuthService = (function () {
             return false;
         }
         if (this.issuer && claims.iss !== this.issuer) {
-            console.warn("Wrong issuer: " + claims.issuer);
+            console.warn("Wrong issuer: " + claims.iss);
             return false;
         }
         if (claims.nonce !== savedNonce) {
@@ -310,8 +310,13 @@ var OAuthService = (function () {
         var tokenHash = sha256(accessToken, { asBytes: true });
         var leftMostHalf = tokenHash.slice(0, (tokenHash.length / 2));
         var tokenHashBase64 = base64_js_1.fromByteArray(leftMostHalf);
-        var atHash = tokenHashBase64.replace("+", "-").replace("/", "_").replace(/=/g, "");
-        return (atHash == idClaims.at_hash);
+        var atHash = tokenHashBase64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+        var claimsAtHash = idClaims.at_hash.replace(/=/g, "");
+        if (atHash != claimsAtHash) {
+            console.warn("exptected at_hash: " + atHash);
+            console.warn("actual at_hash: " + claimsAtHash);
+        }
+        return (atHash == claimsAtHash);
     };
     return OAuthService;
 }());
diff --git a/oauth-service.ts b/oauth-service.ts
@@ -183,7 +183,7 @@ export class OAuthService {
             }
 
             if (this.issuer && claims.iss !== this.issuer) {
-                console.warn("Wrong issuer: " + claims.issuer);
+                console.warn("Wrong issuer: " + claims.iss);
                 return false;
             }
 
@@ -377,16 +377,18 @@ export class OAuthService {
     checkAtHash(accessToken, idClaims) {
         if (!accessToken || !idClaims || !idClaims.at_hash ) return true;
         var tokenHash: Array<any> = sha256(accessToken, { asBytes: true });
-        
-        // var leftMostHalf = tokenHash.substr(0, tokenHash.length/2 );
         var leftMostHalf = tokenHash.slice(0, (tokenHash.length/2) );
-
         var tokenHashBase64 = fromByteArray(leftMostHalf);
-        var atHash = tokenHashBase64.replace("+", "-").replace("/", "_").replace(/=/g, ""); 
-
-        // var atHash = Base64.encodeURI(leftMostHalf);
-
-        return (atHash == idClaims.at_hash);
+        var atHash = tokenHashBase64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=/g, "");
+        var claimsAtHash = idClaims.at_hash.replace(/=/g, "");
+        
+        if (atHash != claimsAtHash) {
+            console.warn("exptected at_hash: " + atHash);    
+            console.warn("actual at_hash: " + claimsAtHash);
+        }
+        
+        
+        return (atHash == claimsAtHash);
     }
     
 }
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "angular2-oauth2",
-  "version": "1.3.9",
+  "version": "1.3.10",
   "description": "",
   "main": "oauth-service.js",
   "author": "Manfred Steyer (http://www.softwarearchitekt.at)",

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "angular2-oauth2",`
`3`		`- "version": "1.3.9",`
	`3`	`+ "version": "1.3.10",`
`4`	`4`	`"description": "",`
`5`	`5`	`"main": "oauth-service.js",`
`6`	`6`	`"author": "Manfred Steyer (http://www.softwarearchitekt.at)",`