@User I am doing that, but on a higher level. I have an GQL Federation server (which also exposes the supertokens apis, so I have access to

verifySession

) but then I'm passing the JWT forward to the federated GQL servers and I would like to validate the token there as well for an added layer of security. Since it's a different lambda function I can't use

verifySession

. I thought maybe it's possible to decode/validate the JWT on the federated service by using the

jwt/jwk.json

GET request or something, but JWKs are a big unknown to me