OAuth 2.0 Token Introspection - RFC 7662

[martinhaase]

Hi, Yet another question: is it planned for APIs to implement RFC 7662 (OAuth 2.0 Token Introspection, see https://tools.ietf.org/html/rfc7662)? If yes, which would be the planning horizon?
Thanks,
Martin

[Robbilie]

https://github.com/OAuth-Apis/apis/blob/master/apis-authorization-server/src/main/java/org/surfnet/oaaas/resource/VerifyResource.java

isnt that what this rfc defines?

[javierisaai]

@Robbilie The above is a Google approach to a somewhat similar requirement, however rfc7662's spec is quite more detailed, with guidelines & requirements missing in this project's implementation.
By the way, rfc7662 seems like quite a final document, so it's worth considering putting some efforts behind an implementation.

[gvanderploeg]

At the time of implementation, this RFC 7662 did not exist yet, therefore
we used Google's impl. as reference.
Indeed, now that the RFC is there, a proper implementation according to
spec would be nice.
Unfortenately, there are no current plans for this. PRs are most welcome
though :-)

On 19 June 2016 at 19:18, Javier Rivera-Acosta notifications@github.com
wrote:

@Robbilie https://github.com/Robbilie The above is a Google approach to
a somewhat similar requirement, however rfc7662's spec is quite more
detailed, with guidelines & requirements missing in this project's
implementation.
By the way, rfc7662 seems like quite a final document, so it's worth
considering putting some efforts behind an implementation.

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#92 (comment), or mute
the thread
https://github.com/notifications/unsubscribe/ABG69rSjpjZgGsYMHR_fjfS64f1Zw31xks5qNXn-gaJpZM4I4IQ3
.

http://www.finalist.nl

[thiagozf]

I've done an initial implementation of the RFC 7662 spec (thiagozf/apis#10), based on the current token verification feature. My idea is to deprecate the current endpoint (/tokeninfo) and start using a new one (/introspect). Things like AuthorizationServerFilter should also consider the new endpoint.

I will submit a pull request as soon as it gets more complete and stable. Feedback and/or contributions for this task are appreciated.