This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
%%information
Is this the same as the [Introspection_endpoint] from [OAuth 2.0 Token Introspection] ?
%%
[{$pagename}] is an [Endpoint]. When receiving a [Requesting Party Token] with the "Bearer" scheme in the [Authorization Header] from an [OAuth Client] making an access attempt, the [Resource Server] introspects the [Requesting Party Token] by using the [{$pagename}] of the [Protection API]. The [Protection API Token] that the [Resource Server] uses to make the introspection request provides the [Resource Owner] context to the [Authorization Server].
The [Authorization Server] responds with a [JSON] object with the structure dictated by [OAuth 2.0 Token Introspection]. If the "active" property has a Boolean value of true, then the [JSON] object MUST NOT contain a "scope" claim, and MUST contain an extension property with the name "permissions" that contains an array of zero or more values, each of which is an object consisting of these properties:
%%zebra-table
%%sortable
%%table-filter
||[Permission]||REQUIRED||Description
|resource_set_id|REQUIRED|A string that uniquely identifies the [Resource Set], access to which has been granted to this client on behalf of this [Requesting Party]. The identifier MUST correspond to a [Resource Set] that was previously registered as protected.
|scopes|REQUIRED|An array referencing one or more [URI]s of scopes to which access was granted for this [Resource Set]. Each scope MUST correspond to a scope that was registered by this resource server for the referenced [Resource Set].
|exp|OPTIONAL|Integer timestamp, [Unix Time], indicating when this [Permission] will expire. If the property is absent, the [Permission] does not expire. If the token-level "exp" value pre-dates a permission-level "exp" value, the former overrides the latter.
|iat|OPTIONAL|Integer timestamp, [Unix Time], indicating when this [Permission] was originally issued. If the token-level "iat" value post-dates a permission-level "iat" value, the former overrides the latter.
|nbf|OPTIONAL|Integer timestamp, [Unix Time], indicating the time before which this [Permission] is not valid. If the token-level "nbf" value post-dates a permission-level "nbf" value, the former overrides the latter.
/%
/%
/%
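The following is an added example, not part of the original page or of any specification text: a sketch of how a [Resource Server] could validate the introspection response described above and apply the token-level override rules for "exp", "iat" and "nbf" before making an access decision. The function names, the sample response and its identifiers are constructed for illustration; treating a token-level "exp" as a bound on a permission that has no "exp" of its own is a conservative assumption.

```python
import time

class IntrospectionError(ValueError):
    """The response violates the structure described on this page."""

def _bound(token_val, perm_val, pick):
    vals = [v for v in (token_val, perm_val) if v is not None]
    return pick(vals) if vals else None

def effective_permissions(resp):
    """Validate an introspection response and return normalized permissions."""
    if resp.get("active") is not True:
        return []  # an inactive token grants nothing
    if "scope" in resp:
        raise IntrospectionError('"scope" MUST NOT be present when active is true')
    perms = resp.get("permissions")
    if not isinstance(perms, list):
        raise IntrospectionError('"permissions" array is required')
    out = []
    for p in perms:
        if not isinstance(p, dict):
            raise IntrospectionError("each permission must be an object")
        rsid, scopes = p.get("resource_set_id"), p.get("scopes")
        if not isinstance(rsid, str) or not isinstance(scopes, list) or not scopes:
            raise IntrospectionError("resource_set_id and scopes are REQUIRED")
        out.append({
            "resource_set_id": rsid,
            "scopes": set(scopes),
            # Token-level exp overrides when earlier; iat and nbf when later.
            # Assumption: token-level exp also bounds a permission without exp.
            "exp": _bound(resp.get("exp"), p.get("exp"), min),
            "iat": _bound(resp.get("iat"), p.get("iat"), max),
            "nbf": _bound(resp.get("nbf"), p.get("nbf"), max),
        })
    return out

def is_permitted(resp, resource_set_id, scope, now=None):
    """True if some permission covers this resource set and scope right now."""
    now = time.time() if now is None else now
    for p in effective_permissions(resp):
        if p["resource_set_id"] != resource_set_id or scope not in p["scopes"]:
            continue
        if p["exp"] is not None and now >= p["exp"]:
            continue
        if p["nbf"] is not None and now < p["nbf"]:
            continue
        return True
    return False

# Constructed sample response (identifiers and timestamps are made up).
VIEW, EDIT = "https://rs.example/scopes/view", "https://rs.example/scopes/edit"
SAMPLE = {"active": True, "exp": 2000, "iat": 1000, "permissions": [
    {"resource_set_id": "rs-photos", "scopes": [VIEW], "exp": 3000, "nbf": 1500},
    {"resource_set_id": "rs-docs", "scopes": [EDIT]}]}
```

A response that carries a "scope" claim alongside "active": true, or that lacks the "permissions" array, is rejected rather than interpreted, so a malformed or downgraded response fails closed.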
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]