Why doesn't it provide a simple method of using a rest API to validate the limited token for the server side, rather than requiring us to learn about the encryption algorithm to evaluate it ourselves?
The should be an AI on the API side that does all the work for you if a simple signature check is too complicated 😄