pub fn compose_id_token_source_id(
azp_hint: Option<&str>,
aud_hint: Option<&str>,
kid_hint: Option<&str>,
) -> StringExpand description
Phase 10.11.D δ2 — id_token compound source key from azp ‖ aud ‖ kid.
Sibling of compose_source_id for the RP-side id_token verify
pipeline. Three components give strongest discrimination for
log-flood DoS prevention: the canonical authorized party (azp),
the audience (aud, first element when array), and the signing key
(kid). Sentinels "anon" / "noaud" / "nokid" collapse
anonymous rejections into canonical buckets.
Used by AuditEvent::from_id_token_hints to derive source_id;
boundary tests reference it to construct expected keys without
building a full event first.