SuperTokens is an open source authentication solution offering features like: Different types of login: Email / password, Passwordless (OTP or Magic link based).

SuperTokens.com

<@!498057949541826571> I am doing that, but on a higher level. I have an GQL Federation server (which also exposes the supertokens apis, so I have access to `verifySession`) but then I'm passing the JWT forward to the federated GQL servers and I would like to validate the token there as well for an added layer of security. Since it's a different lambda function I can't use `verifySession`. I thought maybe it's possible to decode/validate the JWT on the federated service by using the `jwt/jwk.json` GET request or something, but JWKs are a big unknown to me