[Openid-specs-ab] Generic introspection endpoint
Justin Richer
jricher at mitre.org
Tue Jul 26 13:49:29 UTC 2011
I think there's value in it as a general endpoint, especially if others
have been already doing it. We're currently looking at returning the
scope and expiration of a token if it's valid, and a 404 if it's not
valid.
-- Justin
On Mon, 2011-07-25 at 11:11 -0400, John Bradley wrote:
> It is something that a number of people like SalesForce do.
>
> I don't think it has been generalized yet.
>
> Perhaps we should consider proposing it as a more general OAuth endpoint.
>
> John B.
> On 2011-07-25, at 10:47 AM, Justin Richer wrote:
>
> > Is there a generic mechanism for the introspection endpoint as described
> > in the connect spec? In that, I have a use for an endpoint that an
> > oauth2 protected resource can just throw a token at and get a yes/no
> > type response.
> >
> > If this exists out there, can someone point me to the documentation? If
> > this hasn't been genericized by the group, I'd like to request that we
> > do so with it.
> >
> > -- Justin
> >
> > _______________________________________________
> > Openid-specs-ab mailing list
> > Openid-specs-ab at lists.openid.net
> > http://lists.openid.net/mailman/listinfo/openid-specs-ab
>
More information about the Openid-specs-ab
mailing list