I know how to validate Access Tokens and ID Tokens and can do it myself, but are there recommended validation libraries?
Ideally in Node, PHP, and Python…
I’m assuming you are wanting to do validation all server-side. I would recommend using the token introspection endpoint (https://developer.okta.com/docs/api/resources/oauth2.html#introspection-request). It will help validate the token and tell if it has been revoked.
For libraries (local validation, without a roundtrip to the introspection endpoint):
Python: https://github.com/jpadilla/pyjwt
Java: https://github.com/jwtk/jjwt
.NET: https://github.com/jwt-dotnet/jwt
Node: https://github.com/jwtk/njwt
PHP: https://github.com/firebase/php-jwt
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.