import { validateJwtAccessToken } from "https://deno.land/x/oauth4webapi@v2.10.0/mod.ts";
Validates use of JSON Web Token (JWT) OAuth 2.0 Access Tokens for a given Request as per RFC 9068 and optionally also RFC 9449.
This does validate the presence and type of all required claims as well as the values of the iss, exp, aud claims.
This does NOT validate the sub, jti, and client_id claims beyond just checking that they're present and that their type is a string. If you need to validate these values further you would do so after this function's execution.
This does NOT validate the DPoP Proof JWT nonce. If your server indicates RS-provided nonces to clients you would check these after this function's execution.
This does NOT validate authorization claims such as scope either, you would do so after this function's execution.
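The follow-up checks this page leaves to the caller (sub, jti, client_id and scope), as an added example that is not part of oauth4webapi or its documentation. The claims shape, the policy object and the revocation list are assumptions; the input is taken to be claims that validateJwtAccessToken has already accepted.

```typescript
// Added example. Every name here is hypothetical and not part of oauth4webapi.
// Input: claims that validateJwtAccessToken() has already accepted
// (iss, exp, aud checked; sub/jti/client_id only known to be strings).
interface AcceptedClaims {
  sub: string;
  jti: string;
  client_id: string;
  scope?: string; // space-delimited list of scope tokens
}

interface ResourcePolicy {
  allowedClients: string[]; // client_id values this API serves
  revokedJti: string[]; // token ids revoked before their exp
  requiredScopes: string[]; // scopes the requested operation needs
}

// Returns the list of policy violations; an empty list means "authorized".
function checkAcceptedClaims(claims: AcceptedClaims, policy: ResourcePolicy): string[] {
  const errors: string[] = [];
  if (claims.sub.trim() === "") errors.push("sub is empty");
  if (claims.jti.trim() === "") errors.push("jti is empty");
  else if (policy.revokedJti.indexOf(claims.jti) !== -1) errors.push("token is revoked");
  if (policy.allowedClients.indexOf(claims.client_id) === -1) {
    errors.push("client_id is not allowed");
  }
  // Compare whole scope tokens: "orders:readonly" must not satisfy "orders:read".
  const granted = (claims.scope ?? "").split(" ").filter((s) => s !== "");
  for (const needed of policy.requiredScopes) {
    if (granted.indexOf(needed) === -1) errors.push("missing scope: " + needed);
  }
  return errors;
}

// Constructed sample data for illustration.
const samplePolicy: ResourcePolicy = {
  allowedClients: ["billing-ui"],
  revokedJti: ["jti-0002"],
  requiredScopes: ["orders:read"],
};
const sampleClaims: AcceptedClaims = {
  sub: "user-17",
  jti: "jti-0001",
  client_id: "billing-ui",
  scope: "openid orders:read",
};
console.log(checkAcceptedClaims(sampleClaims, samplePolicy)); // []
```

Reject the request when the returned list is non-empty.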