I'd say so. The token introspection endpoint is not listed in OpenID Connect
Discovery, but is in OAuth Discovery as introspection_endpoint [1]. So we
should remove token_introspection_endpoint.
[1] https://tools.ietf.org/html/draft-ietf-oauth-discovery-06
On Fri, 11 Jan 2019 at 15:24, Thomas Darimont <thomas.darimont(a)googlemail.com> wrote:
Hello,
I just noticed that the .well-known/openid-configuration contains 2 links
for the token_introspection_endpoint. Is this a bug?
Cheers,
Thomas
{
"issuer": "https://sso.example.com/auth/realms/master",
"authorization_endpoint": "https://sso.example.com/auth/realms/master/protocol/openid-connect/auth",
"token_endpoint": "https://sso.example.com/auth/realms/master/protocol/openid-connect/token",
* "token_introspection_endpoint": "https://sso.example.com/auth/realms/master/protocol/openid-connect/token/...",
"userinfo_endpoint": "https://sso.example.com/auth/realms/master/protocol/openid-connect/userinfo",
"end_session_endpoint": "https://sso.example.com/auth/realms/master/protocol/openid-connect/logout",
"jwks_uri": "https://sso.example.com/auth/realms/master/protocol/openid-connect/certs",
"check_session_iframe": "https://sso.example.com/auth/realms/master/protocol/openid-connect/login-...",
...
"tls_client_certificate_bound_access_tokens": true,
* "introspection_endpoint": "https://sso.example.com/auth/realms/master/protocol/openid-connect/token/..."
}
_______________________________________________
keycloak-dev mailing list
keycloak-dev(a)lists.jboss.org
https://lists.jboss.org/mailman/listinfo/keycloak-dev
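An added example, not part of the thread and not Keycloak code: a client-side helper that reads the introspection endpoint from a discovery document carrying both keys, preferring `introspection_endpoint` and rejecting documents where the two keys disagree. The function name, the HTTPS-only check and the sample documents (hypothetical host) are assumptions made for illustration.

```python
from urllib.parse import urlsplit

STANDARD_KEY = "introspection_endpoint"      # name used by OAuth discovery
LEGACY_KEY = "token_introspection_endpoint"  # second key reported in the thread


class MetadataError(ValueError):
    """The discovery document does not give one usable introspection endpoint."""


def resolve_introspection_endpoint(metadata):
    """Return (url, warnings); raise MetadataError if the keys conflict."""
    warnings = []
    standard = metadata.get(STANDARD_KEY)
    legacy = metadata.get(LEGACY_KEY)
    if standard and legacy and standard != legacy:
        # Two different targets: refuse rather than guess where tokens get sent.
        raise MetadataError(f"{STANDARD_KEY} and {LEGACY_KEY} disagree")
    if legacy:
        warnings.append(f"{LEGACY_KEY} is present; read {STANDARD_KEY} instead")
    url = standard or legacy
    if not url:
        raise MetadataError("no introspection endpoint advertised")
    parts = urlsplit(url)
    # Assumption of this example: tokens are only ever posted over HTTPS.
    if parts.scheme != "https" or not parts.netloc:
        raise MetadataError(f"refusing non-HTTPS endpoint: {url}")
    return url, warnings


# Constructed sample documents (hypothetical host, not the realm in the thread).
BASE = "https://idp.example.test/oauth"
BOTH_KEYS = {
    "issuer": BASE,
    LEGACY_KEY: BASE + "/introspect",
    STANDARD_KEY: BASE + "/introspect",
}
CONFLICTING = dict(BOTH_KEYS, **{LEGACY_KEY: "https://other.example.test/introspect"})
STANDARD_ONLY = {"issuer": BASE, STANDARD_KEY: BASE + "/introspect"}

if __name__ == "__main__":
    print(resolve_introspection_endpoint(BOTH_KEYS))
    print(resolve_introspection_endpoint(STANDARD_ONLY))
    try:
        resolve_introspection_endpoint(CONFLICTING)
    except MetadataError as exc:
        print("rejected:", exc)
```

A client written this way keeps working after the non-standard key is removed from the document, since it only falls back to it when the standard key is absent.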