I am trying to configure a server-side (RP) client which requires a JWT introspection URL on the OP. I tried to find such an endpoint on the KeyCloak server to no avail, nor did I actually find any URL of type "introspect" in the OpenID Connect Specification.
Does anyone know if/how an OAuth2 client can validate a JWT token via a back channel with the KeyCloak server?
Looking at the code, the client will issue a POST to the introspection endpoint with some form data:
POST /auth/realms/myrealm/protocol/openid-connect/introspect HTTP/1.1
Host: localhost:8080
Cache-Control: no-cache
Content-Type: application/x-www-form-urlencoded

client_id=myapp&client_secret=mysupersecret&token=eyJhbGciO[truncated but valid access token]
Any pointers are much appreciated.
Kind Regards,
Niels
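
The back-channel check described in the post, as an added example that is not part of the original message or of Keycloak's code: it builds the same form-encoded POST and evaluates a response in the RFC 7662 (OAuth 2.0 Token Introspection) shape, a JSON object with a boolean `active`, failing closed on anything else. The endpoint path and credentials are the post's own sample values; the function names and the optional audience check are assumptions.

```python
import json
import time
import urllib.parse
import urllib.request

# Path and sample values copied from the post; adjust to your realm.
INTROSPECT_URL = "http://localhost:8080/auth/realms/myrealm/protocol/openid-connect/introspect"


def build_introspection_request(url, client_id, client_secret, token):
    """Form-encoded POST as in the post: the token travels in the body, not the URL."""
    form = {"client_id": client_id, "client_secret": client_secret, "token": token}
    return urllib.request.Request(
        url,
        data=urllib.parse.urlencode(form).encode("ascii"),
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def token_is_usable(response_body, expected_audience=None, now=None):
    """Fail closed: accept only a JSON object whose "active" member is exactly true."""
    try:
        claims = json.loads(response_body)
    except (TypeError, ValueError):
        return False
    if not isinstance(claims, dict) or claims.get("active") is not True:
        return False
    exp = claims.get("exp")  # optional in RFC 7662; checked when present
    if exp is not None:
        if not isinstance(exp, (int, float)) or exp <= (now or time.time()):
            return False
    if expected_audience is not None:
        aud = claims.get("aud")
        if expected_audience not in (aud if isinstance(aud, list) else [aud]):
            return False
    return True


def introspect(token, client_id, client_secret, url=INTROSPECT_URL, timeout=5):
    """Send the request; transport and HTTP errors are treated as 'not valid'."""
    request = build_introspection_request(url, client_id, client_secret, token)
    try:
        with urllib.request.urlopen(request, timeout=timeout) as response:
            return token_is_usable(response.read())
    except OSError:
        return False
```

Because the client secret and the access token both travel in the request body, the endpoint should be reached over TLS outside a local test setup.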