How best to validate a JWT from Auth0

I'm currently having users log in to my site using Auth0's redirect functionality. It's great, but my past experience with Google's OAuth tells me there's a problem. With my other site, we do the same login, the user gets a JWT and posts that to my API server. My API server then takes that token and contacts Google to ensure this is actually a token that they made. And THEN, I give them a Bearer code that they can use for when they want to access the database.

With Auth0, I can't seem to find any way to contact them from my API server and say, "Hey, someone sent me this token, it checks out that it isn't corrupted, is for a date that is in the future and it says you are the issuer and it has the proper Auth0 client id. So, did you issue this?"

I must be missing something.

Thanks everyone.



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow