[Openid-specs-ab] Generic introspection endpoint

Justin Richer jricher at mitre.org
Tue Jul 26 13:49:29 UTC 2011


I think there's value in it as a general endpoint, especially if others
have been already doing it. We're currently looking at returning the
scope and expiration of a token if it's valid, and a 404 if it's not
valid.

 -- Justin

On Mon, 2011-07-25 at 11:11 -0400, John Bradley wrote:
> It is something that a number of people like SalesForce do.
> 
> I don't think it has been generalized yet.
> 
> Perhaps we should consider proposing it as a more general OAuth endpoint.
> 
> John B.
> On 2011-07-25, at 10:47 AM, Justin Richer wrote:
> 
> > Is there a generic mechanism for the introspection endpoint as described
> > in the connect spec? In that, I have a use for an endpoint that an
> > oauth2 protected resource can just throw a token at and get a yes/no
> > type response. 
> > 
> > If this exists out there, can someone point me to the documentation? If
> > this hasn't been genericized by the group, I'd like to request that we
> > do so with it. 
> > 
> > -- Justin
> > 
> > _______________________________________________
> > Openid-specs-ab mailing list
> > Openid-specs-ab at lists.openid.net
> > http://lists.openid.net/mailman/listinfo/openid-specs-ab
> 




More information about the Openid-specs-ab mailing list