Support for at_hash and c_hash

[JBYoshi]

Is your feature request related to a problem? Please describe.
OpenID Connect has a mode called "hybrid mode" that issues JWTs along with access tokens or OAuth authorization codes. When using hybrid mode, the specification requires the JWTs to include an at_hash and/or c_hash option, corresponding to an abbreviated hash of the access token and the authorization code.

Note that the actual values in the JWT aren't complete hashes; they only use the first half of the original hash, which is then encoded using URL-safe Base64. The hash algorithm is always the same one used for the corresponding signing operation (for example, HS256, RS256, ES256, and PS256 all use SHA-256).

Describe the solution you'd like
I'd like to be able to pass the access token and authorization code directly to JWT.sign() and have the hashes automatically calculated based on the correct algorithm. Something like this:

const idToken = JWT.sign({
    iss: domain,
    sub: userId,
    // other information
  }, signingKey, {
    accessToken: "X3eKJcuc0LQC2NbPl1LqAw",
    authorizationCode: "uzVvZ4ec51xpBadn0Dgipg"
  });

It might also be useful for JWT.verify() to support similar options for verification, in the same way that it currently does for issuer, nonce, subject, and jti.

const payload = JWT.verify(idToken, verificationKey, {
    accessToken: "X3eKJcuc0LQC2NbPl1LqAw",
    authorizationCode: "uzVvZ4ec51xpBadn0Dgipg"
  });

Describe alternatives you've considered
Right now, all the JWT algorithms (except none) use SHA-2 with a number of bits indicated in the algorithm ID. It would be possible to calculate the hashes before calling JWT.sign() or after calling JWT.verify(). However, since other types of hashes could be used in the future, it would be more convenient to keep this behavior in a library.

Additional context
OpenID Connect specification for at_hash and c_hash: https://openid.net/specs/openid-connect-core-1_0.html#rfc.section.3.3.2.11 (There are several examples at the bottom of that page.)

• i have searched the configuration section for this feature and couldn't find it
• i have searched the issues tracker on github for similar requests and couldn't find anything related.

[panva]

Hi @JBYoshi

thanks for the suggestion, i'm very familiar with these validations.

Validating contextual claims outside of the core JWT profile is out of scope for this library. This context is known to the consumer who's also able to take the validated JWT contents and validate them ad acta.

For this particular case as well as for producing the hashes, a library already exists that covers all algs. Please note it's not always sha-2 that's used.

Also note that the example you've provided is NOT an ID Token validation example, it fails to verify presence of required claims such as iat and exp, etc. See the docs and specify the correct profile option value to validate the JWT according to its profile (such as ID Token).