We are following the API quickstart at:
We have it working and can hit authorized end points.
In the class SecurityConfig which does the pattern matching and authorization
Question 1.
Does this class communicate with the Auth0 servers to validate a token that comes in? Or does it just parse the token and check the token’s format and expiry date?
If this is just a token parser, what is stopping people from spoofing the token, i.e. creating a fake token with fake credentials and a new expiry date?
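
On the spoofing concern raised in the question, an added example (not part of the original post and not the quickstart's or Auth0's code) of why editing the claims of a signed token does not produce a token that verifies. It assumes an RS256-signed JWT and an API that already holds the issuer's public key; the class name, the locally generated key pair and the claim values are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.Base64;

// Added illustration: RS256 JWT check using only the JDK. The key pair is generated
// locally as a stand-in for the issuer's signing key; all claim values are constructed.
public class JwtSignatureDemo {
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();

    static String b64(String json) {
        return ENC.encodeToString(json.getBytes(StandardCharsets.UTF_8));
    }

    // Issuer side: sign the ASCII bytes of "header.payload" with the private key.
    static String issue(String payloadJson, PrivateKey key) throws GeneralSecurityException {
        String signingInput = b64("{\"alg\":\"RS256\",\"typ\":\"JWT\"}") + "." + b64(payloadJson);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + ENC.encodeToString(s.sign());
    }

    // API side: offline check with the public key only. Signature first, then expiry.
    // The algorithm is fixed here and never taken from the token's own header.
    static boolean verify(String token, PublicKey key, long now) throws GeneralSecurityException {
        String[] p = token.split("\\.");
        if (p.length != 3) return false;
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initVerify(key);
        s.update((p[0] + "." + p[1]).getBytes(StandardCharsets.US_ASCII));
        if (!s.verify(Base64.getUrlDecoder().decode(p[2]))) return false;
        String payload = new String(Base64.getUrlDecoder().decode(p[1]), StandardCharsets.UTF_8);
        // Minimal extraction for this fixed payload shape; real code uses a JSON parser.
        long exp = Long.parseLong(payload.replaceAll(".*\"exp\":(\\d+).*", "$1"));
        return now < exp;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair issuer = gen.generateKeyPair();
        long now = System.currentTimeMillis() / 1000;
        String valid = issue("{\"sub\":\"user-1\",\"exp\":" + (now + 600) + "}", issuer.getPrivate());
        String[] p = valid.split("\\.");
        // Change sub and exp but keep the old signature: the signed bytes no longer match.
        String edited = p[0] + "." + b64("{\"sub\":\"admin\",\"exp\":" + (now + 86400) + "}") + "." + p[2];
        System.out.println("issued token accepted: " + verify(valid, issuer.getPublic(), now));
        System.out.println("edited token accepted: " + verify(edited, issuer.getPublic(), now));
    }
}
```

The verifier needs only the public key, so the check itself makes no network call; producing a signature that matches edited claims requires the issuer's private key.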