Hi all,
I am currently implementing an API in which I understand the best practice is to secure using an access token rather than an id token. I am currently unsure about how to validate the access token. The documentation here claims that the access token should be a valid JWT, though the token I am seeing is not (It is a 32 character string without clear sections for the header, payload and signature). The documentation is quite confusing so could someone please provide some advice on the correct way to validate the provided access token to authenticate API endpoints (I am currently using FastAPI)?
Thanks,
William