My scenario is I have an existing frontend React project that authenticates with SSO using MSAL. This results in the frontend having a JWT token in its session storage that contains the relevant signed information about the user. I need to create a backend REST API in Django that will be the backend to the React project.
My question is: can I send the JWT token to the backend, check for a valid signature, and if it is valid use it to create a user in the database associated with that email? I'm not the most familiar with authentication methods and I'm struggling to find documentation that matches my use case.
Although in my particular use case I'm implementing this in Django and React, my question is more about whether this authentication method is okay from a theoretical perspective.
Any advice is appreciated.