oidc-token-hash creates and validates OpenID Connect ID Token `*_hash` claims like `at_hash` and `c_hash`. It can generate the expected hash values and verify that a received `*_hash` matches the corresponding token, using the hash algorithm specified by the ID Token JOSE header `alg`.
Project status
- Actively maintained: The repository has recent activity (latest upstream push on 2026-05-22) and tagged
v5.xupdates continued through late 2025, indicating ongoing maintenance rather than a frozen codebase. - Apparent update cadence: Based on the tagged updates provided, updates arrived at roughly 4 to 5 month intervals (v5.1.0 on 2025-02-21, v5.1.1 on 2025-07-31, v5.2.0 on 2025-11-04).
AI summary generated Today
Recent updates
v5.2.0
7 months agoThis release primarily adds support for the ML-DSA JWS Algorithm Identifiers (ML-DSA-44, ML-DSA-65, ML-DSA-87) when generating and validating OIDC id_token _hash values. The implementation maps these algorithms to shake256 with a fixed output length, and corresponding test vectors and README documentation were updated. No publisher release notes were provided.
Featuresv5.1.1
10 months agoRelease v5.1.1 makes a small internal change around Ed448 hashing and updates CI workflow permissions. The code diff shows the library no longer conditionally checks for Node.js shake256 availability before using crypto.createHash('shake256').
Breakingv5.1.0
2/21/2025The publisher did not provide any release notes for v5.1.0, so there is no documented information about new functionality, fixes, or breaking changes. Developers should review the repository diff and changelog/commit history for this version to determine upgrade impact.