Hi, I have an Amazon Web Services structure, and I need to verify the access_token given with a secure system. I could check the token with https://[SITE].auth0.com/.well-known/jwks.json, but it is publicly accessible, and “someone” may fake this validation with the given token, the URL and Postman, for example. Is there any endpoint or method which, when sent the JWT, could internally validate the legitimacy of the user?
Is your API in AWS API Gateway? If so, we have the exact same requirement.
We have a RESTful API in AWS API Gateway and we want to protect it using the Auth0 M2M flow.
When we started implementing, we too thought there would be an Auth0 endpoint to validate the accessToken, but as you pointed out, we will have to write our own validation logic using jwt.io APIs.
Regarding your question, the code which validates the access token will reside in a Lambda function (custom Lambda authorizer) inside AWS, and it is AWS which calls it to verify whether the request is legitimate or not.
I am not sure how one can fake it and create an issue. Please provide more information if I am missing something.
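To make the point of the reply concrete, here is the validation a Lambda authorizer would perform against the tenant's jwks.json, as an added example (not code from either poster, and not Auth0's or AWS's own code). It is self-contained and runs offline: the tenant keypair, the attacker keypair, the JWKS, and the issuer, audience and kid values (`https://example-tenant.auth0.com/`, `https://api.example.com`, `key-1`) are all constructed placeholders, and `mintRS256` stands in for Auth0 issuing tokens. The scenarios answer the original worry directly: jwks.json holds only the public half of the signing key, so editing a token's payload, signing one with your own key, or switching the header to `alg: none` all fail, while a genuine token passes.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// JWK/JWKS hold what an RS256 verifier needs from https://<tenant>.auth0.com/.well-known/jwks.json.
// No json tags are needed: encoding/json matches "kty", "kid", "use", "n", "e" case-insensitively on unmarshal.
type JWK struct{ Kty, Kid, Use, N, E string }
type JWKS struct{ Keys []JWK }

var b64 = base64.RawURLEncoding // JWT and JWK both use unpadded base64url

// keyFor picks the RSA signing key named by kid from jwks.json and rebuilds the public key from n and e.
func keyFor(jwks JWKS, kid string) (*rsa.PublicKey, error) {
	for _, k := range jwks.Keys {
		n, errN := b64.DecodeString(k.N)
		e, errE := b64.DecodeString(k.E)
		if k.Kid == kid && k.Kty == "RSA" && k.Use == "sig" && errN == nil && errE == nil {
			return &rsa.PublicKey{N: new(big.Int).SetBytes(n), E: int(new(big.Int).SetBytes(e).Int64())}, nil
		}
	}
	return nil, errors.New("no usable signing key with this kid in jwks.json")
}

// VerifyAccessToken is what the Lambda authorizer runs: pin the algorithm, verify the RS256 signature
// with the tenant's public key, then check iss, aud and exp. Claims come back only if every check passes.
func VerifyAccessToken(token string, jwks JWKS, issuer, audience string, now time.Time) (map[string]interface{}, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed token")
	}
	var hdr struct{ Alg, Kid string }
	var claims map[string]interface{}
	hdrRaw, errH := b64.DecodeString(parts[0])
	payload, errP := b64.DecodeString(parts[1])
	sig, errS := b64.DecodeString(parts[2])
	if errH != nil || errP != nil || errS != nil || json.Unmarshal(hdrRaw, &hdr) != nil || json.Unmarshal(payload, &claims) != nil {
		return nil, errors.New("token is not base64url-encoded JSON")
	}
	if hdr.Alg != "RS256" { // never let the token choose the algorithm ("none", HS256 key confusion)
		return nil, fmt.Errorf("unexpected alg %q", hdr.Alg)
	}
	pub, err := keyFor(jwks, hdr.Kid)
	if err != nil {
		return nil, err
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1])) // signature covers header.payload exactly as sent
	if rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, errors.New("signature does not verify against the tenant's key")
	}
	audOK := claims["aud"] == audience // aud is a string for M2M tokens ...
	if list, ok := claims["aud"].([]interface{}); ok { // ... and an array when openid scope was requested
		for _, a := range list {
			audOK = audOK || a == audience
		}
	}
	exp, _ := claims["exp"].(float64)
	switch {
	case claims["iss"] != issuer:
		return nil, errors.New("wrong issuer")
	case !audOK:
		return nil, errors.New("token was not issued for this API")
	case now.Unix() >= int64(exp):
		return nil, errors.New("token expired or has no exp")
	}
	return claims, nil
}

// mintRS256 stands in for Auth0 issuing a token; it exists only so the example runs offline.
func mintRS256(priv *rsa.PrivateKey, kid string, claims map[string]interface{}) string {
	h, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": kid})
	p, _ := json.Marshal(claims)
	input := b64.EncodeToString(h) + "." + b64.EncodeToString(p)
	digest := sha256.Sum256([]byte(input))
	sig, _ := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	return input + "." + b64.EncodeToString(sig)
}

// Scenarios reports, per constructed case, whether the authorizer accepts the token. All names are placeholders.
func Scenarios() map[string]bool {
	const issuer, audience, kid = "https://example-tenant.auth0.com/", "https://api.example.com", "key-1"
	tenant, _ := rsa.GenerateKey(rand.Reader, 2048)   // Auth0's signing key: the private half never leaves the tenant
	attacker, _ := rsa.GenerateKey(rand.Reader, 2048) // someone who only fetched the public jwks.json
	jwks := JWKS{Keys: []JWK{{Kty: "RSA", Kid: kid, Use: "sig", N: b64.EncodeToString(tenant.N.Bytes()),
		E: b64.EncodeToString(big.NewInt(int64(tenant.E)).Bytes())}}}
	now := time.Now()
	claims := func(aud interface{}, ttl time.Duration) map[string]interface{} {
		return map[string]interface{}{"iss": issuer, "sub": "client@clients", "aud": aud, "exp": now.Add(ttl).Unix()}
	}
	good := mintRS256(tenant, kid, claims([]string{audience, issuer + "userinfo"}, time.Hour))
	p := strings.Split(good, ".")
	edited, _ := json.Marshal(claims(audience, 24*time.Hour)) // attacker rewrites the claims, keeps the old signature
	cases := map[string]string{
		"genuine":            good,
		"edited payload":     p[0] + "." + b64.EncodeToString(edited) + "." + p[2],
		"signed by attacker": mintRS256(attacker, kid, claims(audience, time.Hour)),
		"wrong audience":     mintRS256(tenant, kid, claims("https://other-api.example.com", time.Hour)),
		"expired":            mintRS256(tenant, kid, claims(audience, -time.Minute)),
		"alg none":           b64.EncodeToString([]byte(`{"alg":"none","kid":"`+kid+`"}`)) + "." + p[1] + ".",
	}
	out := map[string]bool{}
	for name, tok := range cases {
		_, err := VerifyAccessToken(tok, jwks, issuer, audience, now)
		out[name] = err == nil
	}
	return out
}

func main() {
	fmt.Println(Scenarios())
}
```

In a real authorizer the JWKS is fetched from the tenant's jwks.json and cached per kid (refetching on an unknown kid to handle key rotation), and the function returns an IAM policy to API Gateway; those parts are left out here. The checks that matter are the ones shown: a pinned algorithm, a signature verified against the tenant's public key, and iss, aud and exp compared with the values you provisioned, which is what a maintained JWT library does for you once configured.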