-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[RFC7662] Add introspect endpoint to introspect access & refresh token #3404
Conversation
See issue: #3387 (for linking) |
I've started the tests, but haven't finished. Would be happy to have a super quick review before doing all the tests @nabokihms 🙏 |
7fd9a91
to
12d37b8
Compare
c87eca5
to
9a55445
Compare
…n. See issue dexidp#3387 Signed-off-by: Romain Caire <[email protected]>
aaa53da
to
4e1031f
Compare
I think I've added the latests tests, feel free to review :) |
Signed-off-by: Romain Caire <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, looks awesome. I have a couple of suggestions / concerns, but overall it looks good.
Signed-off-by: Romain Caire <[email protected]>
Signed-off-by: Romain Caire <[email protected]>
Signed-off-by: Romain Caire <[email protected]>
This looks good! |
There is actually no But I can definitely add this if you want :) |
Ok, there is some in this RFC: https://datatracker.ietf.org/doc/html/rfc8414 I'll add it later today :) |
Signed-off-by: Romain Caire <[email protected]>
Done, I took the liberty of writing tests for the static handler function also :) |
Signed-off-by: Romain Caire <[email protected]>
Signed-off-by: Romain Caire <[email protected]>
Signed-off-by: Romain Caire <[email protected]>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@supercairos, thank you, it looks good!
@calderonth, also, thank you for pointing out the discovery.
Overview
Implement RFC7662.
See https://datatracker.ietf.org/doc/html/rfc7662
What this PR does / why we need it
It implements the RFC7662.
A endpoint to determine the active state of an OAuth 2.0 token and to determine meta-information about this token.
OAuth 2.0 deployments can use this method to convey information about the authorization context of the token from the authorization server to the protected resource.