Authentication tokens for APIs

So as I understand it, you recommend using my user's authentication token to validate calls to my APIs. Is there a way I can validate from my API server that a given token is valid (and ideally which sub ID it belongs to)?

From your description, you're trying to leverage API authorization functionality, so a good starting point would be to check the information available at (Authentication and Authorization Flows) and links specific to your scenario (SPA client application, mobile client application, etc).

In addition, the information at (Validate Access Tokens) would be particularly relevant for how to validate an access token issued for a custom API. After validation, you can use the value of the sub claim to identify the user for whom the call is being made.
