Has anyone used the "NetSuite as OIDC Provider"? R...
# general
b
Has anyone used the "NetSuite as OIDC Provider"? Running into an issue where the `at_hash` (access token hash) in the identity token doesn't validate against the access token. Seems like the value is wrong; too long for what I think it is supposed to be.
The `at_hash` ID Token claim is defined by OpenID Connect as such:
Access Token hash value. Its value is the base64url encoding of the left-most half of the hash of the octets of the ASCII representation of the access_token value, where the hash algorithm used is the hash algorithm used in the alg Header Parameter of the ID Token's JOSE Header. For instance, if the alg is RS256, hash the access_token value with SHA-256, then take the left-most 128 bits and base64url encode them. The at_hash value is a case sensitive string.
In the id token I'm seeing it with a string value that is 684 characters long which seems way too long to be 128 bits that are base64 encoded.
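The computation in the OpenID Connect definition quoted above, as an added example that is not part of the original post and not NetSuite code. The function names and the sample token are constructed for illustration, and the mapping from `alg` to a hash assumes the usual JWS names ending in 256, 384 or 512.

```python
import base64
import hashlib
import hmac

# Hash selected by the numeric suffix of the ID Token's "alg" header
# (RS256, ES256, PS256 -> SHA-256, and so on). Assumption: standard JWS names.
HASH_BY_SUFFIX = {"256": hashlib.sha256, "384": hashlib.sha384, "512": hashlib.sha512}

# Constructed sample value, not a real access token.
SAMPLE_ACCESS_TOKEN = "constructed-sample-access-token"


def compute_at_hash(access_token: str, alg: str) -> str:
    """Return the at_hash a conforming provider would issue for this token."""
    hash_fn = HASH_BY_SUFFIX.get(alg[-3:])
    if hash_fn is None:
        raise ValueError(f"no at_hash rule known for alg {alg!r}")
    # Hash the octets of the ASCII representation of the access token.
    digest = hash_fn(access_token.encode("ascii")).digest()
    # Keep the left-most half (128 bits for SHA-256).
    left_half = digest[: len(digest) // 2]
    # base64url without padding, as used throughout JOSE.
    return base64.urlsafe_b64encode(left_half).rstrip(b"=").decode("ascii")


def check_at_hash(claim: str, access_token: str, alg: str):
    """Compare an at_hash claim to the expected value; return (ok, reason)."""
    expected = compute_at_hash(access_token, alg)
    # A length mismatch means the claim is not a half-digest at all,
    # which is a different failure from a wrong hash of the right size.
    if len(claim) != len(expected):
        return False, f"length {len(claim)}, expected {len(expected)} characters for {alg}"
    if not hmac.compare_digest(claim.encode(), expected.encode()):
        return False, "length is right but value does not match the access token"
    return True, "ok"


if __name__ == "__main__":
    good = compute_at_hash(SAMPLE_ACCESS_TOKEN, "RS256")
    print(good, len(good))
    print(check_at_hash(good, SAMPLE_ACCESS_TOKEN, "RS256"))
    # A 684-character claim, like the one described in the post (constructed filler).
    print(check_at_hash("A" * 684, SAMPLE_ACCESS_TOKEN, "RS256"))
```

For RS256 the expected claim is always 22 characters (16 bytes, base64url, padding stripped), so the length check alone separates a malformed claim from a hash computed over the wrong input.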