In some cases, the authenticated data is subject related and when a new token is being issued for the user, the token is supposed to belong to the same user. For now it's not possible to validate an asymetric authorization token on GraphCDN side because it'd require to use the issuer public keys endpoint (e.g.:
Having the ability to configure such endpoint from GraphCDN's end would permit to validate dynamically tokens while leveraging the cache benefits.