JWT at_hash not generated

[bdegoy]

trafficstars

Hi, I may have missed something, but I don't find how to generate at_hash claim in IdToken, despite it is planed in IdToken::createIDToken. Thanks for your Help!

What I understand by examining the code of the library is that the declaration at_hash is generated only as part of the implicit flow (response type id_token token). I would like to have it as part of the Authorization Code flow, but the identity token appears generated with id_token = null. Indeed, if I understand correctly, the Token ID is generated before access token, and I do not see how to insert at_hash afterwards. I would be very happy if someone could answer that question. Regards, BD