Access token not verified in the credential endpoint implementation
TimoGlastra opened this issue · 1 comments
TimoGlastra commented
When looking at the credential endpoint implementation in the issuer-rest package, I couldn't find any code related to the validation of the access token generated in the access token endpoint.
This endpoint should verify the bearer authorization token passed in the header.
I might be missing where this is happening, so in that case, please point me to the file where this is handled (I'm looking for some util functions I may be able to re-use for the Credo endpoint implementation)
nklomp commented
Yeah, totally forgot about it, it seems 🤦