if ( @$jwt['at_hash'] ) {
    // Verify access token
    $hash = hash('sha256', $access_token);
    $ath = substr($hash, 0, strlen($hash) / 2);
    $encryptionUtil = new \OAuth2\Encryption\Jwt();
    $ath = $encryptionUtil->urlSafeB64Encode($ath);
    if ( $ath !== $jwt['at_hash'] ) {
        // Token request error
        exit ('Access Token not valid');
    }       
}