There’s no verify url any more. When you get the token, it contains the user id in what’s known as a jwt. This is your access token.
$jwtexplode=json_decode(base64_decode(str_replace('_', '/', str_replace('-','+',explode('.',$accesstoken )[1]))));
$charactername=$jwtexplode->name;
$characterid=explode(":",$jwtexplode->sub)[2];
Now, you could go and verify it. But as you’re getting it direct from CCP, that’s not exactly a requirement 