jwt resp token introspec

Billy Vlachos edited this page Jul 29, 2019 · 1 revision

JWT Responses for Token Introspection

The introspection response, as specified in OAuth 2.0 Token Introspection, is a plain JSON object. However, there are use cases where the resource server requires stronger assurance that the authorization server issued the access token, including cases where the authorization server assumes liability for the token's content. An example is a resource server using verified person data to create certificates, which in turn are used to create qualified electronic signatures.

In such use cases it may be useful or even required to return a signed JWT as the introspection response. This specification extends the token introspection endpoint with the capability to return responses as JWTs.