Hi,
When an access_token is generated for grant_type authorization_code, can the token be
introspected by keycloak server? When trying to introspect such a token, keycloak server
constantly replies with { "active": false }. However, when the access_token is
generated for grant_type password, introspection works correctly.
Also, if a token generated for grant_type authorization_code can be introspected, does the
introspection procedure differs from the usual introspection (a POST request, with an
Authorization header that has Basic scheme whose value fits the Client ID and Client
Secret, a Content-Type header whose value is
"application/x-www-form-urlencoded", and a body whose value is token="the
access_token". In CURL: curl --user testApp:d7945c1b-7174-4ebb-a481-b3c0bf8991ef -d
"token=ey.............NPJW71A" -X POST
http://localhost:8080/auth/realms/demo/protocol/openid-connect/token/intr...).
Thanks,
Dorit
This email and any files transmitted with it are confidential material. They are intended
solely for the use of the designated individual or entity to whom they are addressed. If
the reader of this message is not the intended recipient, you are hereby notified that any
dissemination, use, distribution or copying of this communication is strictly prohibited
and may be unlawful.
If you have received this email in error please immediately notify the sender and delete
or destroy any copy of this message