The token endpoint returns a c_hash value instead of an expected at_hash value in the ID token.
Last updated 2014-09-22 ·Reference W-2122403 ·Reported By 0 users
The ID token returned from the token endpoint in the response to a successful OAuth request includes a c_hash value rather than an at_hash value. Based on the OpenID Connect spec (http://openid.net/specs/openid-connect-core-1_0.html#CodeIDToken), the token should contain the at_hash value.
Use the token endpoint https://login.salesforce.com/services/oauth2/token
with the openid scope for authorization, using an OAuth flow.
The value for the c_hash is generated from the access token, so it's currently the same as the expected at_hash.
Reported By (0)
Is it Fixed?
Any unreleased services, features, statuses, or dates referenced in this or other public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make their purchase decisions based upon features that are currently available.