When trying to independently verify the at_hash value of an access token the produced signature does not match the decoded value.
OAuth Toolkit 4.x
API Gateway 9.x
The at_hash value is a secure hash of the access token. The OpenID specification states:
"Its value is the base64url encoding of the left-most half of the hash of the octets of the ASCII representation of the access_token value, where the hash algorithm used is the hash algorithm used in the alg Header Parameter of the ID Token's JOSE Header. For instance, if the alg is RS256, hash the access_token value with SHA-256, then take the left-most 128 bits and base64url encode them. The at_hash value is a case sensitive string."
It is important to note that the hash must be generated on the octets (ie: raw bytes) of the ASCII representation of the access_token value. Simply hashing the ASCII representation will produce a different and incorrect value.
You can calculate the SHA-256 digest and returns the value as a byte to ensure you are operating on the correct data. You can then take the left-most 128 bits (16bytes) and base64url encode those to generate the proper hash.
If you are using JWT access tokens, this hash must be performed on the JTI claim of the JWT. This value contains the UUID representation of the access token. Hashing the entire JWT will produce an invalid value.
"scope": "openid email profile",
"preferred_username": "[email protected]",
"name": "A User",
"email": "[email protected]"