TL;DR
The c_hash claim in your id_token helps verify the identity provider (IdP) used for login. If it’s missing or incorrect, an attacker might be able to trick your application into accepting a fake login from a different IdP – this is called an IdP MixUp attack. This guide shows you how to check and use c_hash properly to prevent these attacks.
What’s the Problem?
When a user logs in, your application receives an id_token from the IdP. This token contains information about the login, including who logged in (the subject) and which IdP was used. The c_hash claim is a cryptographic hash of the IdP’s configuration. If an attacker can control the contents of the id_token, they could potentially swap out the real IdP with a malicious one.
How to Fix It
- Understand Your Expected c_hash Values
  - Your application needs to know what valid c_hash values look like. This means you need to store the expected hashes for each IdP you trust.
  - These hashes are generated from the IdP’s metadata (usually a JSON file). The exact method depends on your identity provider and authentication library, but it generally involves hashing specific parts of the metadata document.
- Verify the c_hash Claim
  - When you receive an id_token, always check that the c_hash claim exists and matches one of your expected values.
  - If the hash doesn’t match, reject the token immediately. Do not proceed with login.
- Example Code (Conceptual – Adapt to Your Library)

```python
# Assuming you have a list of expected c_hash values
expected_hashes = ["some-hash-value-1", "some-hash-value-2"]

token = get_id_token()  # your library's call that returns the decoded id_token claims
c_hash_from_token = token.get("c_hash")

if c_hash_from_token is None:
    # Reject the token - c_hash claim is missing
    print("Error: c_hash claim is missing!")
elif c_hash_from_token not in expected_hashes:
    # Reject the token - c_hash does not match any known values
    print("Error: Invalid c_hash value!")
else:
    # Token is valid, proceed with login
    print("Token validated successfully.")
```

  Important: This is a simplified example. Your actual implementation will depend on the authentication library you’re using (e.g., Auth0 SDKs, Okta libraries, etc.). Consult your library’s documentation for specific methods to verify token signatures and claims.
- Metadata Updates
  - IdP metadata can change over time. Regularly update the c_hash values you store in your application to reflect these changes.
  - Automate this process if possible, or at least have a scheduled task to check for updates.
- Consider Token Signature Verification
  - While c_hash is important, it’s not a replacement for proper token signature verification (using JWT libraries). Always verify the token’s signature to ensure it hasn’t been tampered with.
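The following is an added example, not code from the original page, that carries the "verify the c_hash claim" step through in working Python. Rather than comparing against a stored list, it follows the OpenID Connect Core definition of c_hash (the base64url-encoded left half of the hash of the authorization code, using the hash that matches the id_token's alg) and also checks that the iss claim matches the IdP the login was started with; that definition, the issuer URL, the sample code value and the function names are assumptions of this example.

```python
import base64
import hashlib
import hmac

# Constructed sample values (not from any real IdP or from the original page).
EXPECTED_ISSUER = "https://idp.example.com"   # the IdP this login flow was started with
SAMPLE_CODE = "SplxlOBeZQQYbYS6WxSbIA"        # authorization code received on the redirect

# Digest used for c_hash, keyed by the JWS "alg" of the id_token (assumed per OIDC Core 3.3.2.11).
_HASH_FOR_ALG = {
    "RS256": hashlib.sha256, "PS256": hashlib.sha256, "ES256": hashlib.sha256, "HS256": hashlib.sha256,
    "RS384": hashlib.sha384, "PS384": hashlib.sha384, "ES384": hashlib.sha384, "HS384": hashlib.sha384,
    "RS512": hashlib.sha512, "PS512": hashlib.sha512, "ES512": hashlib.sha512, "HS512": hashlib.sha512,
}


def compute_c_hash(code: str, alg: str) -> str:
    """Hash the ASCII code, keep the left half of the digest, base64url-encode it without padding."""
    digest = _HASH_FOR_ALG[alg](code.encode("ascii")).digest()
    left_half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(left_half).rstrip(b"=").decode("ascii")


def validate_id_token(claims: dict, alg: str, code: str, expected_issuer: str) -> tuple:
    """Return (ok, reason). Assumes the token signature was already verified by your JWT library."""
    if claims.get("iss") != expected_issuer:
        return False, "iss does not match the IdP this login was started with"
    if alg not in _HASH_FOR_ALG:
        return False, f"unsupported alg {alg!r}"
    c_hash = claims.get("c_hash")
    if not isinstance(c_hash, str):
        return False, "c_hash claim is missing"
    # Constant-time comparison so a mismatch does not leak how many leading characters matched.
    if not hmac.compare_digest(c_hash.encode("utf-8"), compute_c_hash(code, alg).encode("ascii")):
        return False, "c_hash does not match the authorization code"
    return True, "ok"


if __name__ == "__main__":
    # A token issued for this code by the expected IdP passes; one from another issuer is rejected.
    good = {"iss": EXPECTED_ISSUER, "sub": "user-1", "c_hash": compute_c_hash(SAMPLE_CODE, "RS256")}
    other = {"iss": "https://other-idp.example", "sub": "user-1", "c_hash": good["c_hash"]}
    print(validate_id_token(good, "RS256", SAMPLE_CODE, EXPECTED_ISSUER))
    print(validate_id_token(other, "RS256", SAMPLE_CODE, EXPECTED_ISSUER))
```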
Further Security Considerations
- Implement robust logging and monitoring to detect suspicious login attempts, including failed c_hash validations.
- Review your authentication library’s documentation for specific recommendations on IdP MixUp prevention.