While querying /tokeninfo API endpoint with an id_token I receive HTTP status 401 and unauthorized response. What is the real reason of such a response? Has the id_token expired? has it been invalidated?
You can validate the id_token by verifying the signature of id_token and also validate the id_token claims. Please refer to this document for more details https://auth0.com/docs/tokens/id-token#validate-an-id-token
I had the same issue today and after analyzing, it turned out that the token has expired.
But I see some inconsistency here.
When authenticated, I store all the details in the local storage and the value of 86400 comes as the expiry period with the authentication results.
On the other hand, in the client settings the expiry is set to 3600 seconds. And apparently, the /tokeninfo end point works based on what is set on the client .
Should these two numbers be equal?