Hiya. You can validate this token using any JWT library, as Id Tokens are valid JSON Web Tokens.

I'm not sure what language you are using, but here's an example for java using the fusionauth-jwt library:

List<JSONWebKey> keys = JSONWebKeySetHelper.retrieveKeysFromJWKS("https://www.googleapis.com/oauth2/v3/certs"); Map<String, Verifier> publicKeyVerifiers = new HashMap<String,Verifier>(); for (JSONWebKey key : keys) { String publicKey = key.x5c.get(0); Verifier verifier = RSAVerifier.newVerifier(publicKey); // assuming all keys are RSA. You could switch on type as well. String kid = key.kid; publicKeyVerifiers.put(kid, verifier); } // Verify and decode the encoded string JWT to a rich object JWT jwt2 = JWT.getDecoder().decode(encodedJWT, publicKeyVerifiers); // make sure the aud and issuer are as expected if (jwt2.audience.equals("gge44ab3-027f-47c5-bb07-8dd8ab37a2d3") && jwt2.issuer.equals("www.acme.com") && (jwt.expiration.toEpochSecond() > (System.currentTimeMillis()/1000) )) { // valid id token }

Hope this helps.