How could I bypass the at_hash check for the refresh token request, when the returned access token does not contain at_hash
This can happen for example using Microsoft Azure, where at_hash is present only in the authorization code, not in the access token.
How could I bypass the at_hash check for the refresh token request, when the returned access token does not contain at_hash This can happen for example using Microsoft Azure, where at_hash is present only in the authorization code, not in the access token.
https://learn.microsoft.com/en-us/entra/identity-platform/id-token-claims-reference
As with the refresh token request, I noticed that after a new access token is obtained, at_hash is set as a mandatory claim and checked against it.
In this case the error is the following:
Is there any way to get over this error? Thank you!