Hi supertokens teams
I'd like to know if it is possible to verify the signature of an access token on client side (it's a main app server) ?
I've retrieved the jwks, the access token but I cannot match both.
r
rp
01/20/2023, 12:35 PM
hey @samuel-qosenergy
you should use our backend SDK's verifySession function to verify the access token
s
samuel-qosenergy
01/20/2023, 12:38 PM
Hello
Yes, I saw that but I'd like to do it outside the backend in order not to call the api too frequently
r
rp
01/20/2023, 12:40 PM
verifySession is stateless
so it doesn't call the API
anyway, if you want to use a JWT lib, you should not use the sAccessToken cookie directly for JWT verification, but instead extract the JWT from the session on the frontend (See our docs for how to do that), and then send the JWT as an authorization bearer token to the backend and pass that into the JWT verification lib. That should work