[keycloak-dev] OAuth2 Offline Token Introspection

Stian Thorgersen sthorger at redhat.com
Tue Jun 7 03:34:28 EDT 2016 

In that case +1 to support offline tokens.

On 7 June 2016 at 09:29, Marek Posolda <mposolda at redhat.com> wrote:

> The introspection specs has some support for refresh tokens and our impl
> supports it too. You can even provide "token_type_hint" parameter and use
> either the value "access_token" or "refresh_token" .
>
> The offline token is not directly supported, but I am personally not
> seeing an issue for us to be a bit more "clever" and lookup offline
> sessions instead of online sessions in case that type of provided token is
> offline token?
>
> Marek
>
>
> On 07/06/16 09:17, Stian Thorgersen wrote:
>
> The token introspection endpoint is for access tokens though, not refresh
> tokens and offline tokens. You should introspect an access token retrieved
> using the offline token, not the offline token itself.
>
> On 7 June 2016 at 08:35, Marek Posolda <mposolda at redhat.com> wrote:
>
>> Hi,
>>
>> it seems that oauth2 token introspection specs doesn't have any direct
>> support for OIDC offline tokens. However you can possibly create JIRA for
>> it. Currently it seems we consider token as valid just if there is "online"
>> valid userSession. In case of offlineToken, it should check "offline"
>> session instead.
>>
>> Marek
>>
>>
>> On 06/06/16 19:12, Jorge M. wrote:
>>
>> Hi,
>>
>> I'm using the oauth2 token introspection feature in order to validate and
>> get info about tokens, however I'm not being able to get info of
>> offline_tokens. Is that possible? Or does it make sense?
>>
>> Thank you,
>> JM
>>
>>
>> _______________________________________________
>> keycloak-dev mailing listkeycloak-dev at lists.jboss.orghttps://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>>
>>
>> _______________________________________________
>> keycloak-dev mailing list
>> keycloak-dev at lists.jboss.org
>> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160607/12031905/attachment.html

More information about the keycloak-dev mailing list