Wednesday 30 September 2020

Before retrieving an authorized resource, how do I validate that my access token / JWT is valid and correct and that I should proceed in the OAuth2 flow?

Let's say my backend API is going to return some animal data to the front end. I have set up a middleware that checks whether you are authorized before it calls next(), which does the actual request; if you are not authorized, it returns 401.

What I'm wondering about is this: I have an Express server that has a validate endpoint. This endpoint sends the JWT / access token to the authentication server, which either returns a decoded JWT / access token, or a 401 / exception if the access token was not valid.

Does the backend actually need to do something more for the validation of this token? Or is it enough that my Express server sends the token to that server and retrieves the decoded access token? What is the minimum requirement on both the Express server's validate endpoint and the middleware handling in the backend?

Submitted September 30, 2020 at 09:02AM by exilen
