Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
if (payload.s_hash) {
if (!state) {
throw new TypeError('cannot verify s_hash, "checks.state" property not provided');
}
try {
tokenHash.validate({ claim: 's_hash', source: 'state' }, payload.s_hash, state, header.alg, key && key.crv);
} catch (err) {
throw new RPError({ message: err.message, jwt: idToken });
}
}
}
if (tokenSet.access_token && payload.at_hash !== undefined) {
try {
tokenHash.validate({ claim: 'at_hash', source: 'access_token' }, payload.at_hash, tokenSet.access_token, header.alg, key && key.crv);
} catch (err) {
throw new RPError({ message: err.message, jwt: idToken });
}
}
if (tokenSet.code && payload.c_hash !== undefined) {
try {
tokenHash.validate({ claim: 'c_hash', source: 'code' }, payload.c_hash, tokenSet.code, header.alg, key && key.crv);
} catch (err) {
throw new RPError({ message: err.message, jwt: idToken });
}
}
return tokenSet;
}
throw new RPError({ message: err.message, jwt: idToken });
}
}
}
if (tokenSet.access_token && payload.at_hash !== undefined) {
try {
tokenHash.validate({ claim: 'at_hash', source: 'access_token' }, payload.at_hash, tokenSet.access_token, header.alg, key && key.crv);
} catch (err) {
throw new RPError({ message: err.message, jwt: idToken });
}
}
if (tokenSet.code && payload.c_hash !== undefined) {
try {
tokenHash.validate({ claim: 'c_hash', source: 'code' }, payload.c_hash, tokenSet.code, header.alg, key && key.crv);
} catch (err) {
throw new RPError({ message: err.message, jwt: idToken });
}
}
return tokenSet;
}
if (!payload.s_hash && (tokenSet.state || state)) {
throw new RPError({
message: 'missing required property s_hash',
jwt: idToken,
});
}
}
if (payload.s_hash) {
if (!state) {
throw new TypeError('cannot verify s_hash, "checks.state" property not provided');
}
try {
tokenHash.validate({ claim: 's_hash', source: 'state' }, payload.s_hash, state, header.alg, key && key.crv);
} catch (err) {
throw new RPError({ message: err.message, jwt: idToken });
}
}
}
if (tokenSet.access_token && payload.at_hash !== undefined) {
try {
tokenHash.validate({ claim: 'at_hash', source: 'access_token' }, payload.at_hash, tokenSet.access_token, header.alg, key && key.crv);
} catch (err) {
throw new RPError({ message: err.message, jwt: idToken });
}
}
if (tokenSet.code && payload.c_hash !== undefined) {
try {
hashes.forEach((claim) => {
if (payload[claim]) {
payload[claim] = tokenHash(payload[claim], alg, key.crv);
}
});
}