I am using thinktecture identity server v3. I created web application and web api service. when I am accessing the web application, I got the access token from identity server. I used this token as bearer token to communicate with web api. Everything works fine.
But I noticed that at api server, for every request with access token, it automatically calls the identity server. If the idenity server is up, then it served otherwise it gives unauthorize error.
- What is the purpose of this call?
- What data it carries with the call?
- If it is for validating the authority, it will more burden to the identity server.
- Is it possible to skip this call?