I’m am trying to understand what specifically this package is doing to “verify” the token:
This will validate your JWT for the following:
- token expiration time
- the time it was issue at
- that the token issuer matches the expected value passed into the above helper
- that the token audience matches the expected value passed into the above helper
Does this mean that the signature of the token is checked, and then the token is decoded and these verification checks are done? or does it mean that it just decodes the token and does these checks?