I have an SPA and a backend service which I would like to follow this flow: https://auth0.com/docs/flows/concepts/single-page-login-flow
Everything is working except for what happens between Step 6 and Step 7. When my backend receives the access token from the browser, how does the backend validate that access token? I assume, that the backend doesn’t make a call to Auth0 to validate that token because there is no arrow back to Auth0 after Step 6. So, how does the backend know that the token it received is valid?