How to verify a if access token

daniel7 · September 13, 2019, 9:26am

Hi! I wonder how I can verify that the access token is still a valid token if I use a Opaque Token.
Is the only way to call the userinfo endpoint and see if we get a successfull respons?

Im creating a auth0-auth-proxy for a load balancer, where the proxy check if a request is for a protected resource and if it is, verify that the user has a valid access token and a valid jwt_token, this works nicely with JWT tokens for API’s.

When verifying that a Opaque Access Token is valid, it seems like the only way is to call the /userinfo to check if the user has a valid session? That will probably be a problem for me because rate limits of the API on the free tier, and also performance because every http request that the proxy need to validate also needs a call to the /userinfo service to validate the accessToken.

Any advice?
Daniel

dan.woda · September 17, 2019, 9:27pm

Hi @daniel7,

Welcome to the Auth0 Community Forum!

Take a look at this FAQ about access tokens I just drafted:

In short, you will not be able to verify an opaque token, you will want a JWT.

Hope this helps!
Dan

dan.woda · October 2, 2019, 1:27am

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Why Access Token Is Not a JWT (Opaque Token) Knowledge Articles jwt , access_token , access-token	1	42348	September 17, 2019
Auth0 access token missing returns only opaque Help auth0 , login	2	2229	September 10, 2022
Verifying token in Azure API Management (APIM) Help login-experience , new-universal-login-experience	2	1227	December 14, 2023
How to use opaque token in Flask Backend? Help angular , auth0 , flask	2	3688	June 3, 2021
Verifying access_token inside API Help access-token	2	4182	March 2, 2018

How to verify a if access token

Related topics