Apparently, the at_hash value for the JWT token is improperly calculated – instead of using base64url, it's using the base64 function. I encountered this issue when I tried to integrate OIDC using the express-openid-connect library and openid-client – a certified library for Node.js.
Please see the details here: auth0/express-openid-connect#382
I re-checked it using the fiware/idm:latest Docker image – the problem still persists.
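
For reference, an added example that is not part of the original report or of either project's code: OpenID Connect Core defines at_hash as the base64url encoding, without padding, of the left-most half of the hash of the access token's ASCII octets, with the hash taken from the ID token's `alg`. The sample token and all function names below are constructed for illustration; `classifyAtHash` tells a claim that was encoded with standard base64 apart from one that is simply wrong.

```javascript
const crypto = require('crypto');

// The hash follows the ID token's JOSE "alg" header (RS256 -> SHA-256, ...).
// This example handles algs ending in 256, 384 or 512.
const HASH_BY_SUFFIX = { 256: 'sha256', 384: 'sha384', 512: 'sha512' };

// Left-most half of the digest of the access token's ASCII octets.
function leftHalfDigest(accessToken, alg) {
  const hashName = HASH_BY_SUFFIX[alg.slice(-3)];
  if (!hashName) throw new Error(`unsupported alg: ${alg}`);
  const digest = crypto.createHash(hashName).update(accessToken, 'ascii').digest();
  return digest.subarray(0, digest.length / 2);
}

// What the spec requires: base64url alphabet ("-" and "_"), no "=" padding.
function atHash(accessToken, alg) {
  return leftHalfDigest(accessToken, alg).toString('base64url');
}

// The variant the report describes: standard base64 ("+", "/", "=" padding).
function atHashStdBase64(accessToken, alg) {
  return leftHalfDigest(accessToken, alg).toString('base64');
}

// Relying-party side check that also names the encoding fault.
function classifyAtHash(claim, accessToken, alg) {
  if (claim === atHash(accessToken, alg)) return 'valid';
  if (claim === atHashStdBase64(accessToken, alg)) return 'wrong-encoding';
  return 'mismatch';
}

// Constructed sample value, not a real token.
const SAMPLE_TOKEN = 'constructed-sample-access-token';

function demo() {
  const issued = atHashStdBase64(SAMPLE_TOKEN, 'RS256'); // faulty issuer
  return {
    issued,
    expected: atHash(SAMPLE_TOKEN, 'RS256'),
    verdict: classifyAtHash(issued, SAMPLE_TOKEN, 'RS256'),
  };
}

console.log(demo());
```

With a SHA-256 based `alg` the half digest is 16 bytes, so standard base64 always appends `==` and the two encodings never match, which is why a strict client rejects every such ID token rather than only some of them.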