I am looking for a way to validate an ID token without calling the IdP. The client app and the IdP run inside a controlled environment. For this reason, I want to validate the access token from OIDC, provided by Keycloak, direct in my Middleware. For performance reasons I dont want to call the OIDC endpoint from Keycloak again to validate an existing id/access token.
Is this possible? What for information does the middleware need?
PS I am looking for an PHP implementation :)