diff --git a/fastapi_cloudauth/verification.py b/fastapi_cloudauth/verification.py
index 9cd94f6..4c51c9b 100644
--- a/fastapi_cloudauth/verification.py
+++ b/fastapi_cloudauth/verification.py
@@ -205,7 +205,11 @@ def _verify_claims(self, http_auth: HTTPAuthorizationCredentials) -> bool:
 "",
 audience=self._aud,
 issuer=self._iss,
- options={"verify_signature": False, "verify_sub": False}, # done
+ options={
+ "verify_signature": False,
+ "verify_sub": False,
+ "verify_at_hash": False,
+ }, # done
 )
 except jwt.ExpiredSignatureError as e:
 if self.auto_error:
diff --git a/tests/test_cognito.py b/tests/test_cognito.py
index ac11402..ddea094 100644
--- a/tests/test_cognito.py
+++ b/tests/test_cognito.py
@@ -311,6 +311,7 @@ def test_extra_verify_id_token():
 # correct
 token = jwt.encode(
 {
+ "at_hash": "some-hash-that-isnt-checked",
 "sub": "dummy-ID",
 "exp": datetime.utcnow() + timedelta(hours=10),
 "iat": datetime.utcnow() - timedelta(hours=10),
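Review bot: The added `"verify_at_hash": False` removes the only check that binds an ID token to the access token it was issued with, and the trailing `# done` comment does not explain it — "done" plausibly refers to the signature being verified before this call, but nothing in the hunk validates at_hash elsewhere. The reason should be stated where the check is disabled, e.g. `},  # signature already verified above; at_hash is NOT validated because no access token is available here`. If the decoder is python-jose (the `verify_at_hash` option suggests it), the check can instead be kept by passing the companion access token via `access_token=`, so disabling it should be a documented decision rather than a silent one. `_verify_claims` starts and ends outside the hunk.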
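Review bot: The new `"at_hash"` claim in `test_extra_verify_id_token` pins the behaviour that an unverifiable at_hash is accepted, but the test gives no hint that this is intentional rather than an oversight; a reader may later "fix" the verifier and break this test without understanding why. Add a comment above the claim, e.g. `# at_hash is deliberately not validated by _verify_claims (no access token to compare against)`. The surrounding `datetime.utcnow()` calls are unchanged context but are naive and deprecated from Python 3.12; worth a follow-up, not this commit. The test function continues outside the hunk.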