This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.
This is just a proposal so far, it hasn't been accepted and needs further discussion.
We can choose to provide a new validator function/middleware to check the access tokens we issue.
- Provide validation function
- Recommend std JWT validation functions/middlewares
Chosen option: Recommend std JWT validation functions/middlewares
- We need to provide guidance on validating these tokens without our SDK anyway
- No extra code/interface/things to maintain
- We can choose to add a validation function later (but removing it is harder/more breaking)
- This can be very similar to the one we recommend to validate non-OAuth2 (normal, supertokens session) access tokens
- It should use the same jwks endpoint as the jwt/st session access token validator