Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Validating access tokens #44

Open
ctron opened this issue Jul 27, 2023 · 2 comments
Open

Validating access tokens #44

ctron opened this issue Jul 27, 2023 · 2 comments

Comments

@ctron
Copy link
Contributor

ctron commented Jul 27, 2023

I noticed that the validate_token function does validate an id token. On the backend, shouldn't there be a way to validate access tokens?
@kilork
Copy link
Owner

kilork commented Sep 17, 2023

I would like to check information on topic

https://auth0.com/docs/secure/tokens

@teohhanhui
Copy link

I believe this can reasonably be done for access tokens that conform to RFC 9068 - JSON Web Token (JWT) Profile for OAuth 2.0 Access Tokens

Otherwise the access token can only be treated as an opaque token, so there's no way to validate them whatsoever, other than using them in requests to the resource server...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kilork @ctron @teohhanhui