Hello! Does the React SDK (@auth0/auth0-react 1.3.0) automatically validate ID Tokens returned from a successful login in the authorization_grant flow?
I’m currently able to read authenticated user data via the user property exposed by useAuth0 const { user } = useAuth0()
, and my understanding is that this data is coming from the decrypted ID Token jwt, my assumption is that the SDK is validating the jwt for me, which is quite nice.
I’m asking because the Auth0 docs suggest that ID Tokens should be validated, and I’m unable to find any concrete documentation in the SDK about whether this is already happening.
Thanks!