79832233

Date: 2025-11-28 04:02:47
Score: 3
Natty:
Report link

@Evert So in short, access token isn't required to be JWT, but ID token is.

If the access token is not JWT, then how can my backend verify it? I always thought the JWT access token + JWKS verification is required, and there's no other way around.

Reasons:
  • Low length (0.5):
  • No code block (0.5):
  • Contains question mark (0.5):
  • User mentioned (1): @Evert
  • Self-answer (0.5):
Posted by: Minh Nghĩa