Hello @Vyom Sharma,
Thanks for reaching out.
When your API receives an access token, it must validate the signature to prove that the token is authentic. Your API must also validate a few claims in the token to prove that it is valid. Depending on the scenario requirements, the claims validated by an application can vary, but your application must perform some common claim validations in every scenario.
A registered application receives tokens and communicates with Azure AD B2C by sending requests to these endpoints:
https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/authorize
https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/oauth2/v2.0/token
To learn more about tokens in Azure Active Directory B2C, refer to: https://learn.microsoft.com/en-us/azure/active-directory-b2c/tokens-overview
Hope this helps.
-----
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.