Hi, How do I verify that an access token and a id-token is actually related? I see that google has a hash of the access token related to the id token as a claim to be able to check that they are related to each other. Has Auth0 something similar? I’m creating a auth proxy server for a load balanc…

dan.woda September 17, 2019, 9:34pm 2

I am assuming this is somewhat related to your other topic.

If you get a JWT rather than an opaque token, you can verify the user of the token via the sub claim.

See JWT claims here:

Hope this helps!

Dan

1 Like

Verify that the access token and id token is actually related to each other