Hey everyone,
Building a custom React widget that needs to talk to our internal APIs using the Genesys Cloud session token. I’m using the implicit grant flow and getting the JWT back in the URL hash. I need to validate it client-side before making calls, but I’m not sure if I should decode it manually or use a library.
Here’s how I’m extracting the token:
// Yields undefined instead of throwing when the hash has no access_token.
const token = (window.location.hash.match(/access_token=([^&]*)/) || [])[1];
Is there a standard way to verify the signature or expiry in the browser? I tried jwt-decode but that doesn’t check the signature, which feels risky. Any code examples for validating the token structure before using it?
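An added example, not part of the original post: a structure and expiry check for a token extracted as above, assuming it is a three-part JWT as the post describes. `checkJwtShape`, its options and the `RS256` default are hypothetical names and assumptions; signature verification is left out because it needs the issuer's public key, which the post does not identify.

```javascript
// Added example: structure and expiry checks only. It does NOT verify the signature.
// Assumption: the token is a three-part JWT, as the post describes.

// Decode one base64url segment into a JSON value; throws on malformed input.
function b64urlToJson(part) {
  if (!/^[A-Za-z0-9_-]+$/.test(part)) throw new Error('invalid base64url');
  const b64 = part.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return JSON.parse(new TextDecoder('utf-8', { fatal: true }).decode(bytes));
}

// Returns { ok: true, claims } or { ok: false, reason }.
// The allowedAlgs default is an assumption; set it to what your issuer signs with.
function checkJwtShape(token, opts = {}) {
  const { nowSec = Math.floor(Date.now() / 1000), skewSec = 60,
          allowedAlgs = ['RS256'] } = opts;
  const fail = (reason) => ({ ok: false, reason });
  if (typeof token !== 'string') return fail('missing token');
  const parts = token.split('.');
  if (parts.length !== 3 || parts.includes('')) return fail('not a three-part JWS');
  let header, claims;
  try {
    header = b64urlToJson(parts[0]);
    claims = b64urlToJson(parts[1]);
  } catch (e) {
    return fail('undecodable segment');
  }
  // Reject "none" and any algorithm outside the allow-list.
  if (!header || !allowedAlgs.includes(header.alg)) return fail('unexpected alg');
  if (!claims || typeof claims.exp !== 'number') return fail('missing exp');
  if (nowSec >= claims.exp + skewSec) return fail('expired');
  if (typeof claims.nbf === 'number' && nowSec + skewSec < claims.nbf) return fail('not yet valid');
  return { ok: true, claims };
}

// Constructed sample token (fake signature), built inline so this runs offline.
const enc = (o) => btoa(JSON.stringify(o)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
const sample = `${enc({ alg: 'RS256', typ: 'JWT' })}.${enc({ sub: 'demo', exp: 2000 })}.c2ln`;
console.log(checkJwtShape(sample, { nowSec: 1000 }));
console.log(checkJwtShape(sample, { nowSec: 3000 }));
```

A pass here only means the token is well-formed and unexpired; the API that receives it still has to validate it.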