Can the verification of jwt token be done on the client side, assuming the client has the (same) secret that the server uses to sign the tokens? Is this a good idea? Or is it necessary to ask the server? My components: 1. Web app - resource consumer 2. Resource server - Keycloak registered client, REST API, bearer-only 3. Keycloak - authorization server Thanks