Hi! I wonder how I can verify that the access token is still a valid token if I use a Opaque Token.
Is the only way to call the userinfo endpoint and see if we get a successfull respons?
Im creating a auth0-auth-proxy for a load balancer, where the proxy check if a request is for a protected resource and if it is, verify that the user has a valid access token and a valid jwt_token, this works nicely with JWT tokens for API’s.
When verifying that a Opaque Access Token is valid, it seems like the only way is to call the /userinfo to check if the user has a valid session? That will probably be a problem for me because rate limits of the API on the free tier, and also performance because every http request that the proxy need to validate also needs a call to the /userinfo service to validate the accessToken.