Overview#

Is this the same as the Introspection_endpoint from OAuth 2.0 Token Introspection?

The Token Introspection Endpoint is an endpoint of the Protection API. When a Resource Server receives a Requesting Party Token with the "Bearer" scheme in the Authorization Header from an OAuth Client making an access attempt, it introspects the Requesting Party Token by using this endpoint. The Resource Server makes the introspection request with the Protection API Token, which provides the Resource Owner context to the Authorization Server.

The Authorization Server responds with a JSON object with the structure dictated by OAuth 2.0 Token Introspection. If the "active" property has a Boolean value of true, then the JSON object MUST NOT contain a "scope" claim, and MUST contain an extension property with the name "permissions" that contains an array of zero or more values, each of which is an object consisting of these properties:

| Property | Requirement | Description |
|---|---|---|
| resource_set_id | REQUIRED | A string that uniquely identifies the Resource Set, access to which has been granted to this client on behalf of this Requesting Party. The identifier MUST correspond to a Resource Set that was previously registered as protected. |
| scopes | REQUIRED | An array referencing one or more URIs of scopes to which access was granted for this Resource Set. Each scope MUST correspond to a scope that was registered by this resource server for the referenced Resource Set. |
| exp | OPTIONAL | Integer timestamp, Unix Time, indicating when this Permission will expire. If the property is absent, the Permission does not expire. If the token-level "exp" value pre-dates a permission-level "exp" value, the former overrides the latter. |
| iat | OPTIONAL | Integer timestamp, Unix Time, indicating when this Permission was originally issued. If the token-level "iat" value post-dates a permission-level "iat" value, the former overrides the latter. |
| nbf | OPTIONAL | Integer timestamp, Unix Time, indicating the time before which this Permission is not valid. If the token-level "nbf" value post-dates a permission-level "nbf" value, the former overrides the latter. |
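
The following is an added example, not part of the original page or of any specification text: a sketch of how a Resource Server could evaluate the introspection response described above, applying the token-level override rules for "exp" and "nbf". The function names, the sample identifiers and scope URIs, and the choice to deny on a non-conforming response are assumptions.

```python
import time

def effective_window(token, perm):
    """Return (not_before, expires) after applying the token-level overrides."""
    # A later token-level "nbf" overrides the permission's; an earlier
    # token-level "exp" overrides the permission's. Assumption: when the
    # permission has no value of its own, the token-level value still applies.
    nbfs = [v for v in (token.get("nbf"), perm.get("nbf")) if v is not None]
    exps = [v for v in (token.get("exp"), perm.get("exp")) if v is not None]
    return (max(nbfs) if nbfs else None, min(exps) if exps else None)

def is_permitted(response, resource_set_id, scope, now=None):
    """Decide whether an introspection response grants scope on a resource set."""
    now = int(time.time()) if now is None else now
    if response.get("active") is not True:
        return False
    # Assumption: a non-conforming response (top-level "scope" present, or
    # "permissions" missing or not an array) is treated as a denial.
    permissions = response.get("permissions")
    if "scope" in response or not isinstance(permissions, list):
        return False
    for perm in permissions:
        if not isinstance(perm, dict) or perm.get("resource_set_id") != resource_set_id:
            continue
        scopes = perm.get("scopes")
        # Require a real array: a bare string would turn "in" into a substring match.
        if not isinstance(scopes, list) or scope not in scopes:
            continue
        not_before, expires = effective_window(response, perm)
        if not_before is not None and now < not_before:
            continue
        if expires is not None and now >= expires:
            continue
        return True
    return False

# Constructed sample response (identifiers and scope URIs are made up).
VIEW = "https://rs.example/scopes/view"
EDIT = "https://rs.example/scopes/edit"
SAMPLE = {
    "active": True, "exp": 2000, "nbf": 1000,
    "permissions": [
        {"resource_set_id": "rs-photos", "scopes": [VIEW], "exp": 3000, "nbf": 500},
        {"resource_set_id": "rs-docs", "scopes": [EDIT], "exp": 1500},
    ],
}
```
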

This page (revision-4) was last changed on 08-Mar-2017 10:17 by jim