Simplify JWT validation

We currently validate the JWT access token using Authlib's JOSE to [decode](https://docs.authlib.org/en/latest/jose/jwt.html#jwt-decode) and [validate claims](https://docs.authlib.org/en/latest/jose/jwt.html#jwt-payload-claims-validation).

Authlib also provides [JWTBearerTokenValidator](https://docs.authlib.org/en/latest/specs/rfc9068.html#authlib.oauth2.rfc9068.JWTBearerTokenValidator) that can perform both of these functions against a more rigorous set of constraints. It is typically used to [protect resources](https://docs.authlib.org/en/latest/flask/2/resource-server.html) in a framework-specific manner, so we would ideally need a [FastAPI resource protector](https://github.com/authlib/authlib/issues/775) implementation.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Simplify JWT validation #62

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Simplify JWT validation #62

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions