Validating cas access-token signature

[Amir Kadoorie]

Hello,

I'm using CAS oidc and get an access-token in the following format:

AT-6-8Hm-Vxr28AycC7X-FzhyWhXXrEYD7LMI

As I'm familiar with jwt access-tokens, I failed to find any significant information about access-tokens of the above standard/format (is it called "id token"?)

I assume that its signed but not 100% sure (as I didn't find any info regarding the standard).

When I have the token, I would like to validate its signature.

I know that I can get the public key from ../oidc/jwks but the question is how do I use it to verify that the token is properly signed.

Any reference or explanation about this kind of id-token and its signing validation, are welcome.

Thank you!