[Openid-specs-ab] Introspection Profile for OpenID Connect

John Bradley ve7jtb at ve7jtb.com
Fri Sep 13 03:42:25 UTC 2013

Connect specifically allows any OAuth token type and token verification method to be used for the RS/user_info endpoint.   Typically it is controlled by the same entity that controls the AS if unstructured tokens are used.   Many people are using JWT as access tokens and those don't typically require introspection.

UMA has a much more complex authorization model than OAuth so it  needs a fairly complicated introduction and introspection.   Connect can live with that if that is what the IdPwants to do.

There is also a introspection draft http://tools.ietf.org/html/draft-richer-oauth-introspection

Introspection of access tokens is currently out of scope for Connect.

On 2013-09-12, at 1:34 PM, mike at gluu.org wrote:

> OpenID Connect Gurus,
> I was wondering why there is no introspection endpoint defined by OpenID Connect. UMA has a profile for this. Am I missing something? How else could you get information about a bearer token?
> - Mike
> _______________________________________________
> Openid-specs-ab mailing list
> Openid-specs-ab at lists.openid.net
> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4507 bytes
Desc: not available
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20130912/24d287fc/attachment.p7s>

More information about the Openid-specs-ab mailing list