Hi there, Am using the angular application. Well, the question I had is validating id_token signature is mandatory as part of the OpenID standard? I know it’s mandatory but checking with experts one more time to make sure it’s not optional.
You don’t really need to do token validation in your frontend. We recently did a Twitch stream about token validation for frontend frameworks and uploaded it to YouTube. You might find it useful.
It’s a bit unclear from the video, the ask was about Id_token signature validation at front end required or not, not about the access_token? We use id_token to extract the user identity and access_tk to call backend services.
You don’t need to parse and validate the ID token in your frontend. It’s simply not necessary.