Python Token Validation

I have a react single page app working to login and I get the token with the following method:

const token = await getAccessTokenSilently();

I then pass this token into a back end python server but I need to make sure that token is validated. I don't care about the audience, just that it's a valid token that's not expired. I can't seem to find any answers in the forum or the docs to this problem.

Hi @jonathan.hughes

I am sorry about the delayed response to your inquiry.

Once your backend has received the token, you will need to validate it using a third-party JWT library and check it against the public keys provided by Auth0. These keys can be accessed via the https://{auth0_domain}/.well-known/jwks.json endpoint of your tenant.

Also, many of the frameworks include a middleware that can handle JWT validation and it is usually the best approach.

You can also manually validate the JWT token, however, our recommendation would be to use one of the other two approaches. Otherwise, you can read more about JWT validation in our documentation.

If you have any other questions, let me know!

Kind Regards,
Nik
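As an added example (not code from this thread or from Auth0), this is how the validation Nik describes can be done in a Python backend with PyJWT: select the JWKS key by the token's `kid`, verify the RS256 signature, enforce `exp`/`iat`/`iss`, and deliberately skip the audience check as the question asks. The tenant domain, key pair, JWKS and tokens are constructed locally so the script runs offline; in production the JWKS comes from https://{auth0_domain}/.well-known/jwks.json (PyJWT's `PyJWKClient` can fetch and cache it) and the token is the JWT the SPA got from `getAccessTokenSilently()`.

```python
"""Validate an RS256 access token against a tenant JWKS (added example)."""
import json
import time

import jwt
from jwt.algorithms import RSAAlgorithm
from cryptography.hazmat.primitives.asymmetric import rsa

ISSUER = "https://example-tenant.us.auth0.com/"  # placeholder tenant domain


def validate_token(token: str, jwks: dict, issuer: str = ISSUER, leeway: int = 30) -> dict:
    """Return the verified claims or raise a jwt.PyJWTError subclass.

    Only RS256 is accepted, the signing key is chosen by `kid` from the JWKS,
    exp/iat/iss are required and checked, and `aud` is not checked at all.
    """
    header = jwt.get_unverified_header(token)
    if header.get("alg") != "RS256":
        raise jwt.InvalidAlgorithmError("only RS256 is accepted")
    keys = {k["kid"]: k for k in jwks["keys"]}
    if header.get("kid") not in keys:
        raise jwt.InvalidKeyError("no matching signing key in JWKS")
    public_key = RSAAlgorithm.from_jwk(json.dumps(keys[header["kid"]]))
    return jwt.decode(
        token, public_key, algorithms=["RS256"], issuer=issuer, leeway=leeway,
        options={"verify_aud": False, "require": ["exp", "iat", "iss"]},
    )


# Constructed fixtures standing in for the Auth0 tenant (not real keys/tokens).
_private = rsa.generate_private_key(public_exponent=65537, key_size=2048)
_pub_jwk = json.loads(RSAAlgorithm.to_jwk(_private.public_key()))
_pub_jwk.update(kid="test-key-1", use="sig", alg="RS256")
JWKS = {"keys": [_pub_jwk]}  # what the jwks.json endpoint would serve


def mint_token(exp_offset: int = 300, kid: str = "test-key-1") -> str:
    """Issue a token the way the tenant would (constructed stand-in)."""
    now = int(time.time())
    claims = {"iss": ISSUER, "sub": "auth0|user", "aud": "https://my-api",
              "iat": now, "exp": now + exp_offset, "scope": "read:things"}
    return jwt.encode(claims, _private, algorithm="RS256", headers={"kid": kid})


if __name__ == "__main__":
    print(validate_token(mint_token(), JWKS)["sub"])
```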

I can't recall exactly where I found the info but the trick was having to create an API so I could define the audience. It seemed like I needed to connect this to a react app but that ended up being not possible and also not the case. Just making the API and using it as the reference in the JWT verification was required so I could use the jose_jwt library and decode method for verification.