I had a question regarding how to ensure that the token you have received as part of your API is the right and valid token?
My front end is React, and when the user logs in they receive a token from Auth0, which is then attached to the requests that are made to the server. Now my question is: how does the server know that the JWT token has not been tampered with, or that someone is not impersonating someone else by creating a valid JWT? I would have thought that ideally there is some process on the backend which makes a request to the Auth0 servers with the token to ensure that the token was in fact issued by Auth0? Any help with clearing my confusion would be very helpful, thanks.
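An added example, not part of the original post and not Auth0's code: a sketch of how an API can check an RS256-signed JWT locally with the issuer's public key, so an edited payload or a token signed by any other key is rejected without a per-request call to the issuer. The key pair is generated in-process as a stand-in for the issuer's signing key, and `ISSUER`, `AUDIENCE`, `issue`, `verify`, `tamper` and `reason` are hypothetical names.

```javascript
// Added example: local RS256 verification. The key pair is a stand-in for the
// issuer's signing key; ISSUER and AUDIENCE are hypothetical values.
const crypto = require("node:crypto");

const ISSUER = "https://tenant.example/";
const AUDIENCE = "https://api.example/";
const b64u = (v) => Buffer.from(v).toString("base64url");

// Only the issuer holds privateKey; the API needs nothing but publicKey.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

// Issuer side (simulated): sign "header.payload" with the private key.
function issue(claims, key = privateKey) {
  const input = `${b64u(JSON.stringify({ alg: "RS256", typ: "JWT" }))}.${b64u(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign("sha256", Buffer.from(input), key).toString("base64url")}`;
}

// API side: return the claims, or throw if the token cannot be trusted.
function verify(token, now = Math.floor(Date.now() / 1000)) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [head, body, sig] = parts;
  // Pin the algorithm; never let the token choose it.
  const header = JSON.parse(Buffer.from(head, "base64url").toString());
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const ok = crypto.verify("sha256", Buffer.from(`${head}.${body}`), publicKey, Buffer.from(sig, "base64url"));
  if (!ok) throw new Error("bad signature");
  // Only after the signature holds are the claims worth reading.
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  if (claims.iss !== ISSUER) throw new Error("wrong issuer");
  if (![].concat(claims.aud).includes(AUDIENCE)) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}

// Keep the original signature but swap in different claims.
function tamper(token, claims) {
  const [head, , sig] = token.split(".");
  return `${head}.${b64u(JSON.stringify(claims))}.${sig}`;
}

const reason = (token) => { try { verify(token); return "ok"; } catch (e) { return e.message; } };

// Constructed sample tokens.
const base = { iss: ISSUER, aud: AUDIENCE, sub: "user-1", exp: Math.floor(Date.now() / 1000) + 300 };
const otherKey = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 }).privateKey;
console.log(reason(issue(base)));                                // valid token
console.log(reason(tamper(issue(base), { ...base, sub: "admin" }))); // edited payload
console.log(reason(issue(base, otherKey)));                      // signed by a different key
```

In a real API the public key comes from the issuer's published JWKS document rather than being generated locally, and a maintained JWT library performs these same checks.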