Forum Discussion
Marvin
Aug 06, 2021Cirrocumulus
The answer is to use the JWKS endpoint and verify the JWT kid signature value and perform a modulus check. So there is no need to contact the introspect endpoint.
https://medium.com/trabe/validate-jwt-tokens-using-jwks-in-java-214f7014b5cf
https://software-factotum.medium.com/validating-rsa-signature-for-a-jws-10229fb46bbf