Hi there, Am using the angular application. Well, the question I had is validating id_token signature is mandatory as part of the OpenID standard? I know it’s mandatory but checking with experts one more time to make sure it’s not optional.
You don’t really need to do token validation in your frontend. We recently did a Twitch stream about token validation for frontend frameworks and uploaded it to YouTube. You might find it useful.
It’s a bit unclear from the video, the ask was about Id_token signature validation at front end required or not, not about the access_token? We use id_token to extract the user identity and access_tk to call backend services.
You don’t need to parse and validate the ID token in your frontend. It’s simply not necessary.
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.