U shouldn’t treat the access token as a JWT.