`id_token` generation does not work with `EdDSA`
It seems id_token generation is broken with EdDSA jwks.
The create_half_hash method is called in the generate_id_token method:
```python
if code:
    payload["c_hash"] = to_native(create_half_hash(code, alg))

access_token = token.get("access_token")
if access_token:
    payload["at_hash"] = to_native(create_half_hash(access_token, alg))
```
However, it seems it does not support EdDSA keys:
```python
>>> from authlib.oidc.core.util import create_half_hash
>>> assert create_half_hash("test", "RS256")
>>> assert create_half_hash("test", "EdDSA")
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AssertionError
```
After investigation, it seems this is because authlib tries to access hashlib.shaDSA, which does not exist:
```python
def create_half_hash(s, alg):
    hash_type = f"sha{alg[2:]}"
    hash_alg = getattr(hashlib, hash_type, None)
    if not hash_alg:
        return None
    data_digest = hash_alg(to_bytes(s)).digest()
    slice_index = int(len(data_digest) / 2)
    return urlsafe_b64encode(data_digest[:slice_index])
```
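One way to compute the `c_hash` / `at_hash` value without deriving a `hashlib` attribute name from the `alg` string, as an added example that is not authlib's code or its eventual fix. The name `half_hash`, the `crv` parameter and the choice of digest for EdDSA (the hash each curve uses internally per RFC 8032) are assumptions of this example; unknown algorithms raise instead of returning `None`, so a token is never issued with a silently missing binding.

```python
import base64
import hashlib

# JWS "alg" -> hashlib constructor. Assumption of this example: an explicit
# table replaces the f"sha{alg[2:]}" name derivation quoted in the issue.
_DIGESTS = {
    f"{prefix}{bits}": getattr(hashlib, f"sha{bits}")
    for prefix in ("HS", "RS", "ES", "PS")
    for bits in ("256", "384", "512")
}
_DIGESTS["ES256K"] = hashlib.sha256  # "sha256K" is not a hashlib name either

# "EdDSA" carries no hash size in its name; the key's curve decides.
# Assumption: use the hash each curve uses internally (RFC 8032).
_EDDSA_DIGESTS = {
    "Ed25519": lambda data: hashlib.sha512(data).digest(),
    "Ed448": lambda data: hashlib.shake_256(data).digest(114),
}


def half_hash(value, alg, crv=None):
    """Return the base64url-encoded left half of the digest of `value`."""
    data = value.encode("ascii")
    if alg == "EdDSA":
        if crv not in _EDDSA_DIGESTS:
            raise ValueError(f"EdDSA needs a supported crv, got {crv!r}")
        digest = _EDDSA_DIGESTS[crv](data)
    elif alg in _DIGESTS:
        digest = _DIGESTS[alg](data).digest()
    else:
        # Fail closed: a None here would drop the code/token binding.
        raise ValueError(f"no half-hash digest defined for alg {alg!r}")
    left_half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(left_half).rstrip(b"=").decode("ascii")


if __name__ == "__main__":
    # Constructed sample input, mirroring the "test" value from the report.
    print(half_hash("test", "RS256"))
    print(half_hash("test", "EdDSA", crv="Ed25519"))
```

The caller has to pass the curve of the signing key (the JWK `crv` member), since `EdDSA` alone does not identify the digest.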