oidc-token-hash validates (and generates) ID Token claims like at_hash or c_hash for OpenID Clients and Providers.
Validating
const oidcTokenHash = require('oidc-token-hash');
const at_hash = 'x7vk7f6BvQj0jQHYFIk4ag';
const access_token = 'YmJiZTAwYmYtMzgyOC00NzhkLTkyOTItNjJjNDM3MGYzOWIy9sFhvH8K_x8UIHj1osisS57f5DduL-ar_qw5jl3lthwpMjm283aVMQXDmoqqqydDSqJfbhptzw8rUVwkuQbolw';
oidcTokenHash(at_hash, access_token); // => true
oidcTokenHash(at_hash, 'foobar'); // => false
oidcTokenHash.valid('foobar', access_token); // => false
Generating
// access_token from first example
oidcTokenHash.generate(access_token); // => 'x7vk7f6BvQj0jQHYFIk4ag'
oidcTokenHash.generate(access_token, 384); // => 'ups_76_7CCye_J1WIyGHKVG7AAs2olYm'
oidcTokenHash.generate(access_token, 512); // => 'EGEAhGYyfuwDaVTifvrWSoD5MSy_5hZPy6I7Vm-7pTQ'