For retrieving an OAuth / OpenID Connect token, the function authorize_access_token is used in the authlib docs. OAuth providers like Google strongly advise to manually verify these tokens, for example by checking the expiry date.
Where is the documentation on authorize_access_token? I can't find anything on the website. Does the function verify the token automatically or do I have to do that myself?
from Does authorize_access_token also verify an id token?
No comments:
Post a Comment