[keycloak-dev] OAuth2 Offline Token Introspection

Marek Posolda mposolda at redhat.com
Tue Jun 7 03:29:07 EDT 2016 

The introspection specs has some support for refresh tokens and our impl 
supports it too. You can even provide "token_type_hint" parameter and 
use either the value "access_token" or "refresh_token" .

The offline token is not directly supported, but I am personally not 
seeing an issue for us to be a bit more "clever" and lookup offline 
sessions instead of online sessions in case that type of provided token 
is offline token?

Marek

On 07/06/16 09:17, Stian Thorgersen wrote:
> The token introspection endpoint is for access tokens though, not 
> refresh tokens and offline tokens. You should introspect an access 
> token retrieved using the offline token, not the offline token itself.
>
> On 7 June 2016 at 08:35, Marek Posolda <mposolda at redhat.com 
> <mailto:mposolda at redhat.com>> wrote:
>
>     Hi,
>
>     it seems that oauth2 token introspection specs doesn't have any
>     direct support for OIDC offline tokens. However you can possibly
>     create JIRA for it. Currently it seems we consider token as valid
>     just if there is "online" valid userSession. In case of
>     offlineToken, it should check "offline" session instead.
>
>     Marek
>
>
>     On 06/06/16 19:12, Jorge M. wrote:
>>     Hi,
>>
>>     I'm using the oauth2 token introspection feature in order to
>>     validate and get info about tokens, however I'm not being able to
>>     get info of offline_tokens. Is that possible? Or does it make sense?
>>
>>     Thank you,
>>     JM
>>
>>
>>     _______________________________________________
>>     keycloak-dev mailing list
>>     keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>>     https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>
>     _______________________________________________
>     keycloak-dev mailing list
>     keycloak-dev at lists.jboss.org <mailto:keycloak-dev at lists.jboss.org>
>     https://lists.jboss.org/mailman/listinfo/keycloak-dev
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/keycloak-dev/attachments/20160607/ac2a5689/attachment.html

More information about the keycloak-dev mailing list