Hi supertokens teams I d like to know if it is possible to v

Question

Hi supertokens teams I d like to know if it is possible to verify the signature of an access token on client side it s a main app server I ve retrieved the jwks the access token but I cannot match both

rp · Answer

hey < samuel qosenergy>

rp · Answer

you should use our backend SDK s verifySession function to verify the access token

samuel-qosenergy · Answer

Hello Yes I saw that but I d like to do it outside the backend in order not to call the api too frequently

rp · Answer

verifySession is stateless

rp · Answer

so it doesn t call the API

rp · Answer

anyway if you want to use a JWT lib you should not use the sAccessToken cookie directly for JWT verification but instead extract the JWT from the session on the frontend See our docs for how to do that and then send the JWT as an authorization bearer token to the backend and pass that into the JWT verification lib That should work

samuel-qosenergy · Answer

ok we found a solution using this feature https supertokens com docs passwordless common customizations sessions with jwt enabling jwts enable jwt feature a jwt is automatically added to the access token payload and the signature of this sub token can be checked using the jwks so the content of this sub token can be used by any client using an external session not sure its the best way to proceed but it works

rp · Answer

yea this is fine