Classmates

How to check the token on the server during client authorization?

There is a native mobile application, there is a backend for it. It is necessary to give the user the opportunity to log in through Odnoklassniki.
Oauth 2 Implicit Grant is used, i.e. in a mobile application, the user passes Oauth client authorization and receives a token. After that, the token is sent to the backend, where its validity is checked, if successful, the user id is pulled out and login / registration takes place.
The question is how to check the validity of the token on the backend and that it was issued by the right application?
Facebook uses debug_token for this purpose, vk uses checkToken.
The question is partly related to Is validation of a custom token on the server side available?, but the answer did not bring clarity. If I understand correctly, then all requests from the backend will be outside the session, because the session secret key remains in the native client.
Description of the problem and solution for Facebook: https://developers.facebook.com/docs/facebook-logi...