29Oca
Validating JWT in server-to-auth-server scenario
The main question here is: If you are using a backend server to authenticate a user with a third party provider such as Auth0, do you need to validate the JWT received in this scenario?
I am looking at the example custom login from Auth0 here: https://github.com/auth0-samples/auth0-aspnet-owin-mvc-samples/blob/master/Samples/custom-login/MvcApplication/MvcApplication/Controllers/AccountController.cs
I see the token is received and the claim information parsed into cookie but it is never validated, is this correct?
