Added a new doc page related to Token Introspection Endpoint.
The documentation includes some introduction with links to the related RFCs and examples.
The `OAuth 2.0 Authorization Framework <https://tools.ietf.org/html/rfc6749>`_ extends its scope with many other speficications. One of these is the `OAuth 2.0 Token Introspection (RFC 7662) <https://tools.ietf.org/html/rfc7662>`_ which defines a protocol that allows authorized protected resources to query the authorization server to determine the set of metadata for a given token that was presented to them by an OAuth 2.0 client.
7
+
8
+
Client Setup
9
+
====
10
+
In order to enable this feature, some configurations must be performed in the ``Client``.
11
+
12
+
- The scope key:``token_introspection`` must be added to the client's scope.
13
+
14
+
If ``OIDC_INTROSPECTION_VALIDATE_AUDIENCE_SCOPE`` is set to ``True`` then:
15
+
16
+
- The ``client_id`` must be added to the client's scope.
17
+
18
+
Introspection Endpoint
19
+
====
20
+
The introspection endpoint ``(/introspect)`` is an OAuth 2.0 endpoint that takes a parameter representing an OAuth 2.0 token and returns a JSON document representing the meta information surrounding the token.
21
+
22
+
The introspection endpoint its called using an HTTP POST request with parameters sent as *"application/x-www-form-urlencoded"* and **Basic authentication** (``base64(client_id:client_secret``).
23
+
24
+
Parameters:
25
+
26
+
* ``token``
27
+
REQUIRED. The string value of an ``access_token`` previously issued.
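Review bot: The Basic authentication sentence in the Introspection Endpoint section never says the request must go over TLS, although the credential is only base64-encoded, not encrypted. RFC 7662 requires TLS for this endpoint, so state that next to the authentication description. The same sentence has two defects: "its called" should be "is called", and the literal ``base64(client_id:client_secret`` is missing its closing parenthesis. Under Client Setup, the ``OIDC_INTROSPECTION_VALIDATE_AUDIENCE_SCOPE`` bullet is ambiguous. "The ``client_id`` must be added to the client's scope" does not say whose ``client_id`` goes into which client's scope, and that matters because this setting decides which resource servers may introspect a token. Smaller points: "speficications" in the opening paragraph should be "specifications", and the ``====`` underlines are shorter than the titles "Client Setup" and "Introspection Endpoint", which docutils reports as a title underline that is too short. "The scope key:``token_introspection``" also wants a space after the colon.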