My question: there is any way to validate if the identified token is the user's access token?