[keycloak-dev] token_introspection_endpoint == introspection_endpoint ? in .well-known/openid-configuration

Stian Thorgersen sthorger at redhat.com
Mon Jan 14 02:44:14 EST 2019


I'd say so. Token introspection endpoint is not listed in OpenID Connect
Discovery, but is in OAuth Discovery as introspection_endpoint [1]. So we
should remove token_introspection_endpoint.

[1] https://tools.ietf.org/html/draft-ietf-oauth-discovery-06

On Fri, 11 Jan 2019 at 15:24, Thomas Darimont <
thomas.darimont at googlemail.com> wrote:

> Hello,
>
> I just noticed that the .well-known/openid-configuration contains 2 links
> for the token_introspection_endpoint is this a bug?
>
> Cheers,
> Thomas
>
> {
> "issuer": "https://sso.example.com/auth/realms/master",
> "authorization_endpoint": "
> https://sso.example.com/auth/realms/master/protocol/openid-connect/auth",
> "token_endpoint": "
> https://sso.example.com/auth/realms/master/protocol/openid-connect/token",
> * "token_introspection_endpoint": "
>
> https://sso.example.com/auth/realms/master/protocol/openid-connect/token/introspect
> ",
> "userinfo_endpoint": "
> https://sso.example.com/auth/realms/master/protocol/openid-connect/userinfo
> ",
> "end_session_endpoint": "
> https://sso.example.com/auth/realms/master/protocol/openid-connect/logout
> ",
> "jwks_uri": "
> https://sso.example.com/auth/realms/master/protocol/openid-connect/certs",
> "check_session_iframe": "
>
> https://sso.example.com/auth/realms/master/protocol/openid-connect/login-status-iframe.html
> ",
> ...
> "tls_client_certificate_bound_access_tokens": true,
> * "introspection_endpoint": "
>
> https://sso.example.com/auth/realms/master/protocol/openid-connect/token/introspect
> "
> }
> _______________________________________________
> keycloak-dev mailing list
> keycloak-dev at lists.jboss.org
> https://lists.jboss.org/mailman/listinfo/keycloak-dev
>


More information about the keycloak-dev mailing list