I’m working on a REST API for a mobile app, where authentication is done via an Authentication: Bearer <access_token> header on every request to the REST API.
Initially, I’m able to get the access token and refresh token from the auth server (which was written in Phoenix). In the access token and renew token, user details are embedded through some salt key… I’m able to verify and retrieve user info from the tokens on the auth server using some cryptography verify function.
My actual question is, how should I verify the bearer token on the resource REST API server? Should I share the same salt key that was used in the auth server to verify it and then send the user-related data?
I would be grateful if somebody could help me understand the concept. Thank you!
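To make the question concrete, here is an added example (not code from the original post, and not Phoenix's own implementation) of the shared-secret scheme the post describes, written in Python so it runs stand-alone. It models what a signed-token scheme like Phoenix.Token does in simplified form: the auth server derives a signing key from a secret plus a salt and MACs the user claims; the resource server, holding the same secret and salt, recomputes the MAC, compares it in constant time, and only then trusts the embedded user data and checks expiry. The secret, salt, claim names and the `authorize_request` helper are all constructed for the example; the point it shows is that the resource server needs the same secret and salt to verify, and what it should do when the token is tampered with, expired or missing.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed secret shared out-of-band by the auth server and the resource server
# (stands in for a Phoenix secret_key_base; never hard-code a real one).
SHARED_SECRET = b"example-secret-key-base-do-not-use-in-production"
# The "salt" namespaces the derived key so a token minted for one purpose
# cannot be replayed as another (same idea as the salt in Phoenix.Token).
USER_TOKEN_SALT = b"user access token"


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def derive_key(secret: bytes, salt: bytes) -> bytes:
    """Derive a per-purpose signing key from the secret and the salt.
    One HMAC round is enough here; Phoenix uses PBKDF2, the principle is the same."""
    return hmac.new(secret, salt, hashlib.sha256).digest()


def issue_token(user: dict, ttl: int, secret=SHARED_SECRET, salt=USER_TOKEN_SALT, now=None) -> str:
    """Auth-server side: embed user claims plus issue/expiry times and sign them."""
    now = int(time.time()) if now is None else now
    claims = {"sub": user["id"], "role": user["role"], "iat": now, "exp": now + ttl}
    body = _b64e(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(derive_key(secret, salt), body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64e(sig)}"


def verify_token(token: str, secret=SHARED_SECRET, salt=USER_TOKEN_SALT, now=None):
    """Resource-server side: recompute the MAC with the shared secret and salt,
    compare in constant time, then check expiry. Returns (ok, claims_or_reason)."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 2:
        return False, "malformed"
    body, sig = parts
    try:
        expected = hmac.new(derive_key(secret, salt), body.encode(), hashlib.sha256).digest()
        # Signature first: nothing inside the body is trusted until the MAC checks out.
        if not hmac.compare_digest(expected, _b64d(sig)):
            return False, "invalid signature"
        claims = json.loads(_b64d(body))
    except (ValueError, UnicodeDecodeError):
        return False, "malformed"
    if not isinstance(claims, dict):
        return False, "malformed"
    if now >= claims.get("exp", 0):
        return False, "expired"
    return True, claims


def authorize_request(headers: dict, now=None):
    """Minimal handling of the 'Bearer <token>' header on the resource REST API."""
    scheme, _, token = headers.get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not token.strip():
        return False, "missing bearer token"
    return verify_token(token.strip(), now=now)


if __name__ == "__main__":
    tok = issue_token({"id": 42, "role": "user"}, ttl=3600)
    print(authorize_request({"Authorization": "Bearer " + tok}))
    print(authorize_request({"Authorization": "Bearer " + tok[:-3] + "AAA"}))
```

With this layout the resource server only ever calls `verify_token`; it never mints tokens, so the shared secret is a verification secret on that side even though it is technically capable of signing. If that capability is a concern (several resource servers, or ones you trust less than the auth server), the usual design change is to sign tokens with an asymmetric key so the resource servers hold only the public half; the verification flow above stays the same, only the MAC check becomes a signature check.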