I have a OIDC client witha authorization code flow. The ID token validation fails on the client side, because the c_hash claim is missing from the ID token. According to the Okto documentation, it should be in the payload: "c_hashThe base64URL-encoded first 128-bits of the SHA-256 hash of the authorization code. This is only returned if an authorization code is also returned with the ID Token."
Can you please provide us with a bit of details regarding your setup? As it stands I`m not able to understand where the issue might be. To ensure a fast resolution I would suggest to check with our support or developer team by logging a case, add as much information as possible on it and an answer should be found for your issue.