Currently, opaque access tokens are used and clients have to validate this token via ratify's API every time. To allow the use of JWT access tokens, a .well-known endpoint with entry to the JWKS needs to be added to let the clients validate the tokens locally.
Currently, opaque access tokens are used and clients have to validate this token via ratify's API every time. To allow the use of JWT access tokens, a
.well-knownendpoint with entry to the JWKS needs to be added to let the clients validate the tokens locally.