I used authlib to create /login and /callback route together with Keycloak. Now I would like to protect my routes. I'm using FastAPI and there is an example in the docs:

https://github.com/authlib/demo-oauth-client/blob/master/fastapi-google-login/app.py

However I don't want to use a session. I want to verify the access_token and the id_token for stateless authentication.

For some more important routes I would like to use statefull verification with keykloak and use the refresh_token to issue a new id_token and access_token.

But I can't find any documentation how to do this properly with Authlib. Any pointers????