Missing c_hash from ID Token Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Adam TaskasAdam Taskas 

Missing c_hash from ID Token


I have a OIDC client witha authorization code flow.
The ID token validation fails on the client side, because the c_hash claim is missing from the ID token. 
According to the Okto documentation, it should be in the payload:
"c_hashThe base64URL-encoded first 128-bits of the SHA-256 hash of the authorization code. This is only returned if an authorization code is also returned with the ID Token."

Any idea?

Valentin NituValentin Nitu (Okta, Inc.)
Hey Adam,

Can you please provide us with a bit of details regarding your setup? As it stands I`m not able to understand where the issue might be. 
To ensure a fast resolution I would suggest to check with our support or developer team by logging a case, add as much information as possible on it and an answer should be found for your issue.