diff --git a/changelog.d/18385.misc b/changelog.d/18385.misc
new file mode 100644
index 000000000..a8efca68d
--- /dev/null
+++ b/changelog.d/18385.misc
@@ -0,0 +1 @@
+Don't validate the `at_hash` (access token hash) field in OIDC ID Tokens if we don't end up actually using the OIDC Access Token.
\ No newline at end of file
diff --git a/synapse/handlers/oidc.py b/synapse/handlers/oidc.py
index fb759172b..acf2d4bc8 100644
--- a/synapse/handlers/oidc.py
+++ b/synapse/handlers/oidc.py
@@ -599,7 +599,7 @@ class OidcProvider:
 # from the userinfo endpoint. Therefore we only have a single criteria
 # to check right now but this may change in the future and this function
 # should be updated if more usages are introduced.
- # 
+ #
 # For example, if we start to use the access_token given to us by the
 # IdP for more things, such as accessing Resource Server APIs.
 return self._uses_userinfo