How to verify a if access token

Hi! I wonder how I can verify that the access token is still a valid token if I use a Opaque Token.
Is the only way to call the userinfo endpoint and see if we get a successfull respons?

Im creating a auth0-auth-proxy for a load balancer, where the proxy check if a request is for a protected resource and if it is, verify that the user has a valid access token and a valid jwt_token, this works nicely with JWT tokens for API’s.

When verifying that a Opaque Access Token is valid, it seems like the only way is to call the /userinfo to check if the user has a valid session? That will probably be a problem for me because rate limits of the API on the free tier, and also performance because every http request that the proxy need to validate also needs a call to the /userinfo service to validate the accessToken.

Any advice?

Hi @daniel7,

Welcome to the Auth0 Community Forum!

Take a look at this FAQ about access tokens I just drafted:

In short, you will not be able to verify an opaque token, you will want a JWT.

Hope this helps!

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.