After decrypting the JWT received from request on your side, you can:

1. validate epoch time (iat) to check if it is not expired
2. validate the client using its (name)
3. validate the secret received from token, it should be same as given to particular client