At the moment I did the following:
I have a React Frontend (SPA) and I followed the tutorial till the point where I receive an accessToken, idToken and expiry date. The refresh mechanism in frontend works.
I now set an accessToken in the header with every request I fire to my API. The header is basically the accessToken, NOT the idToken.
Now -> how do I verify that the accessToken is a correct one on the API side? Basically I use an AuthorizationFilter with Java and a typical SecurityConfig (Spring Security).
When I make requests to userInfo I end up with too many requests.
Unfortunately I’m a bit confused on how to do this and would greatly appreciate help.