auth0 / auth0-python

Auth0 SDK for Python
https://auth0-python.readthedocs.io
MIT License

Generic token verifier for handling access_tokens #618

Open wontonst opened 2 months ago

wontonst commented 2 months ago

Checklist

Describe the problem you'd like to have solved

See the ask in https://github.com/auth0/auth0-python/issues/453

I want to use this SDK for verifying the access_token on the resource server.

Describe the ideal solution

The PHP SDK has this solution https://github.com/auth0/auth0-PHP/pull/428 I think we can do something similar here.

Alternatives and current workarounds

I am doing

from auth0.authentication.token_verifier import TokenVerifier  # auth0-python v4 import path

AUTH0_AUDIENCE = "https://api.example.com"  # placeholder: the API identifier expected as audience


class AccessTokenVerifier(TokenVerifier):
    """
    Disgusting hack to get TokenVerifier to work. TokenVerifier is made for the id_token and auth0
    does not give us an access_token verifier. Proper handling of azp differs across id_token and
    access_token, hence requiring this hack where we force the azp to the app_identifier.
    https://github.com/auth0/ruby-auth0/issues/363
    """
    def _verify_payload(self, *args, **kwargs):
        # args[0] is the decoded payload dict handed over by TokenVerifier.verify();
        # overwriting azp makes the parent's id_token-oriented azp check pass.
        args[0]['azp'] = AUTH0_AUDIENCE
        super()._verify_payload(*args, **kwargs)

Additional context

No response
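The resource-server check this issue asks for, as an added example that is neither the SDK's nor the issue author's code: a standard-library-only verifier for an access_token that checks signature, issuer, audience and expiry without applying the id_token rule that ties azp to the audience. The issuer, API audience and HS256 secret are constructed placeholders; Auth0 signs access tokens with RS256 and publishes the key set via JWKS in practice.

```python
import base64
import hashlib
import hmac
import json
import time

ISSUER = "https://example-tenant.example.com/"  # constructed placeholder
API_AUDIENCE = "https://api.example.com"  # constructed placeholder
SECRET = b"constructed-demo-secret"  # constructed; Auth0 really uses RS256 keys

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64url(part: str) -> bytes:
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def mint_demo_token(claims: dict) -> str:
    """Constructed sample input: sign claims with the demo secret (HS256)."""
    head = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def verify_access_token(token: str, now=None, leeway: int = 60) -> dict:
    """Return the verified payload or raise ValueError.
    Unlike an id_token check, azp is not compared with the audience: on an
    access_token azp is the calling client id and aud is the API identifier.
    """
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("token must have three segments")
    head, body, sig = parts
    header = json.loads(_unb64url(head))
    if header.get("alg") != "HS256":  # pin the algorithm; never accept alg=none
        raise ValueError("unexpected alg")
    expected = hmac.new(SECRET, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _unb64url(sig)):
        raise ValueError("bad signature")
    payload = json.loads(_unb64url(body))
    if payload.get("iss") != ISSUER:
        raise ValueError("wrong issuer")
    aud = payload.get("aud")
    aud = aud if isinstance(aud, list) else [aud]  # aud may be a string or a list
    if API_AUDIENCE not in aud:
        raise ValueError("token not issued for this API")
    if "exp" not in payload or now > payload["exp"] + leeway:
        raise ValueError("token expired")
    return payload
```

Swapping the HS256 check for an RS256 verification against the tenant's JWKS turns this into a usable resource-server verifier; the claim checks stay the same.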

ayharano commented 1 month ago

While investigating issues related to an Auth0 access token using this package, I came across a StackOverflow answer from 2016 that may be relevant.

This answer led me to a discussion on the OIDC WG, where there appears to have been some changes regarding the handling of the azp claim.

I'm unsure of the extent to which this impacts the current feature request, but I thought it might be useful to bring this to attention.