Yes. That’s one example. Calling the /userinfo endpoint with the Access Token. This leads me to your next question below.
I would “always” say JWT library. My question here is: why are you trying to validate the Access Token before actually using/sending it? Could you please describe your use case as detailed as possible? To me, trying to validate the Access Token before actually using the Access Token does not make much sense. i.e. it is the responsibility of the API/backend to accept or reject the Access Token. Why don’t you want to just send/use it?