An application receives authenticated user data in the form of a JSON Web Token (JWT) from an Amazon Cognito user pool. A developer is setting up an Amazon API Gateway API to handle requests from the application and is using the token to verify the user's identity.
Which of the following must the developer validate before the user data can be trusted?
A. The token's nonce
B. The key ID in the token's header
C. The token's signature
D. The token's issuer claim
Which of the following must the developer validate before the user data can be trusted?
A. The token's nonce
B. The key ID in the token's header
C. The token's signature
D. The token's issuer claim