how to validate an IdToken #365
Replies: 2 comments 1 reply
-
|
The client automatically validates ID Tokens when they're received. |
Beta Was this translation helpful? Give feedback.
-
|
The use case is: an SPA receives the callback from the IdP and uses the IdToken for the backend API. The backend just want to know who is accessing the resources. So it wants to verify the IdToken (sent by the SPA). I want to use openid-client to fetch the oidc configuration and the jwks need help to verify the IdToken. |
Beta Was this translation helpful? Give feedback.
-
|
You should not be using the ID Token to access resources in the first place. Kindly give https://datatracker.ietf.org/doc/html/draft-ietf-oauth-browser-based-apps a read to find a better fitting pattern. |
Beta Was this translation helpful? Give feedback.
-
Hi,
is there an easy way to verify an idToken in nodejs ?
I'd like to do my own validation but checking the signature would be nice. Any ideas how to do this?
I hope Client could decode and verify an IdToken but didn't find a way.
Beta Was this translation helpful? Give feedback.
All reactions