'disableAtHashCheck' by default if responseType is 'id_token'

nick1699 · web-flow · commit 169d749d1906 · 2020-04-29T15:23:28.000+02:00
If the response type 'id_token' is in the implicit flow, no at_hash value is provided in the id_token.
diff --git a/projects/lib/src/oauth-service.ts b/projects/lib/src/oauth-service.ts
@@ -2068,7 +2068,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {
     // addressing https://github.com/manfredsteyer/angular-oauth2-oidc/issues/661
     // i.e. Based on spec the at_hash check is only true for implicit code flow on Ping Federate
     // https://www.pingidentity.com/developer/en/resources/openid-connect-developers-guide.html
-    if (this.hasOwnProperty('responseType') && this.responseType === 'code') {
+    if (this.hasOwnProperty('responseType') && (this.responseType === 'code' || this.responseType === 'id_token')) {
       this.disableAtHashCheck = true;
     }
     if (

Original file line number	Diff line number	Diff line change
`@@ -2068,7 +2068,7 @@ export class OAuthService extends AuthConfig implements OnDestroy {`
`2068`	`2068`	`// addressing https://github.com/manfredsteyer/angular-oauth2-oidc/issues/661`
`2069`	`2069`	`// i.e. Based on spec the at_hash check is only true for implicit code flow on Ping Federate`
`2070`	`2070`	`// https://www.pingidentity.com/developer/en/resources/openid-connect-developers-guide.html`
`2071`		`- if (this.hasOwnProperty('responseType') && this.responseType === 'code') {`
	`2071`	`+ if (this.hasOwnProperty('responseType') && (this.responseType === 'code' \|\| this.responseType === 'id_token')) {`
`2072`	`2072`	`this.disableAtHashCheck = true;`
`2073`	`2073`	`}`
`2074`	`2074`	`if (`