Nodejs login example verification

I am looking at this example: auth0-nodejs-webapp-sample/app.js at master · auth0-samples/auth0-nodejs-webapp-sample · GitHub

My intended application is based on this example and will make use of the ID Token to get hold of the user’s details retrieved during the callback which happened just after the login.

My question is: In this example it does not look like the ID Token’s signature has been verified nor cached (just extracted) in this particular example. Do I need to verify the signature of this ID Token received from the callback, or is it impossible to get an untrusted ID Token in this scenario?

Hey there!

Sorry for such a huge delay in response! We’re doing our best in providing you with the best developer support experience out there, but sometimes our bandwidth is not enough compared to the number of incoming questions.

Wanted to reach out to know if you still require further assistance?