-
Notifications
You must be signed in to change notification settings - Fork 126
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Access token validation #142
Comments
Hi @alex88 First of all, thanks for the issue. I'm not completely sure if you want to validate the access_token on the client or resource server (API) side. We have not yet decided whether and, if so, when we will implement it. In the meantime there are already possibilities you could use (regardless if the access_token is a JWT or an opaque string)
I hope I have been able to help you a little further. |
Hi @livio-a, sorry for the delay.. Unfortunately I ended up not using this library because I've found an easier way to handle authentication without having to build a proxy layer. Thank you a lot any way for your help! |
Closing this issue as it looks resolved/discussed. |
Is your feature request related to a problem? Please describe.
I'm trying to use the library not only for the first login but also to keep the access token in a cookie and then verify it on every request. However it seems there are only methods to verify the id token (which I don't need) and not the access token give a provider.
Describe the solution you'd like
Have a function that given an access token, validates it against the provider keys
Describe alternatives you've considered
Use the jwt package to verify it but the signing keys are private variables on the oauth config
The text was updated successfully, but these errors were encountered: