Skip to content
This repository has been archived by the owner on Jul 3, 2020. It is now read-only.

OAuth 2.0 Token Introspection - RFC 7662 #92

Open
martinhaase opened this issue Jun 17, 2016 · 4 comments
Open

OAuth 2.0 Token Introspection - RFC 7662 #92

martinhaase opened this issue Jun 17, 2016 · 4 comments

Comments

@martinhaase
Copy link

Hi, Yet another question: is it planned for APIs to implement RFC 7662 (OAuth 2.0 Token Introspection, see https://tools.ietf.org/html/rfc7662)? If yes, which would be the planning horizon?
Thanks,
Martin
@Robbilie
Copy link

https://github.com/OAuth-Apis/apis/blob/master/apis-authorization-server/src/main/java/org/surfnet/oaaas/resource/VerifyResource.java

isnt that what this rfc defines?

@javierisaai
Copy link

@Robbilie The above is a Google approach to a somewhat similar requirement, however rfc7662's spec is quite more detailed, with guidelines & requirements missing in this project's implementation.
By the way, rfc7662 seems like quite a final document, so it's worth considering putting some efforts behind an implementation.

@gvanderploeg
Copy link
Contributor

At the time of implementation, this RFC 7662 did not exist yet, therefore
we used Google's impl. as reference.
Indeed, now that the RFC is there, a proper implementation according to
spec would be nice.
Unfortenately, there are no current plans for this. PRs are most welcome
though :-)

On 19 June 2016 at 19:18, Javier Rivera-Acosta [email protected]
wrote:

@Robbilie https://github.com/Robbilie The above is a Google approach to
a somewhat similar requirement, however rfc7662's spec is quite more
detailed, with guidelines & requirements missing in this project's
implementation.
By the way, rfc7662 seems like quite a final document, so it's worth
considering putting some efforts behind an implementation.


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#92 (comment), or mute
the thread
https://github.com/notifications/unsubscribe/ABG69rSjpjZgGsYMHR_fjfS64f1Zw31xks5qNXn-gaJpZM4I4IQ3
.

http://www.finalist.nl

@thiagozf
Copy link

I've done an initial implementation of the RFC 7662 spec (thiagozf/apis#10), based on the current token verification feature. My idea is to deprecate the current endpoint (/tokeninfo) and start using a new one (/introspect). Things like AuthorizationServerFilter should also consider the new endpoint.

I will submit a pull request as soon as it gets more complete and stable. Feedback and/or contributions for this task are appreciated.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Robbilie @gvanderploeg @javierisaai @thiagozf @martinhaase