I have fixed AbstractCipherExecutor and EncodingUtils to support ECDSA. But now I am facing another problem.
The OAuth2 access token is generated twice, first in OAuth20JwtAccessTokenEncoder and second in OidcIdTokenGeneratorService, and the second output is used to calculate at_hash in the OIDC id_token (OidcIdTokenGeneratorService). Now the problem is that for ECDSA, a nonce is required to generate a signature. Therefore, even for identical input, the signature output is different every time.
Therefore, to support ECDSA, the access token in OidcIdTokenGeneratorService must NOT be re-generated, but rather taken from the output of OAuth20JwtAccessTokenEncoder, otherwise at_hash would be broken. I really need help now, since the code flow does not seem to support such an operation.