Oauth2 token Introspection endpoint

Robert Jackson
Is there documentation on the security for this endpoint?

The authentication is by client & secret.

1.) Is the requirement that the endpoint authentication (basic authorization) must match the same client as the access_token was issued to? This seems to be the case, as calling it and authenticating with a different client/agent & secret just returns active: false every time.

2.) I have been unable to authenticate to this endpoint with a client/secret for an agent that is not in the root realm.

Visit the OpenAM forum at https://forgerock.org/forum/fr-projects/openam/
OpenAM mailing list
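The behaviour observed in the question (the introspecting client's credentials must match the client the token was issued to, otherwise the response is simply `active: false`) is the RFC 7662 pattern: unauthenticated callers are rejected, but an authenticated caller that is not allowed to see a token gets `{"active": false}` rather than an error, so it cannot probe for other clients' tokens. The following is an added illustrative model of that decision logic, not OpenAM's code; the client registry, token store and function names are constructed for the example.

```python
import base64
import hmac
import time

# Constructed sample data: registered clients (id -> secret) and issued tokens.
CLIENTS = {"web-app": "s3cret-A", "mobile-app": "s3cret-B"}
TOKENS = {
    "tok-123": {"client_id": "web-app", "scope": "profile", "exp": time.time() + 3600},
    "tok-old": {"client_id": "web-app", "scope": "profile", "exp": time.time() - 60},
}


def basic_header(client_id, secret):
    """Build the HTTP Basic Authorization header value for a client."""
    return "Basic " + base64.b64encode(f"{client_id}:{secret}".encode()).decode()


def authenticate_client(authorization):
    """Return the authenticated client_id from a Basic header, or None."""
    if not authorization or not authorization.startswith("Basic "):
        return None
    try:
        client_id, _, secret = base64.b64decode(authorization[6:]).decode().partition(":")
    except (ValueError, UnicodeDecodeError):
        return None
    expected = CLIENTS.get(client_id)
    # Constant-time comparison; unknown client ids are rejected before comparing.
    if expected is None or not hmac.compare_digest(expected, secret):
        return None
    return client_id


def introspect(authorization, token):
    """Return (http_status, json_body) for an RFC 7662 style introspection call."""
    caller = authenticate_client(authorization)
    if caller is None:
        # Bad or missing client credentials: reject outright (RFC 6749 invalid_client).
        return 401, {"error": "invalid_client"}
    meta = TOKENS.get(token)
    # Unknown, expired, or issued to a different client all look identical to the
    # caller: "active": false, so a client cannot probe tokens it does not own.
    if meta is None or meta["exp"] <= time.time() or meta["client_id"] != caller:
        return 200, {"active": False}
    return 200, {"active": True, "client_id": meta["client_id"],
                 "scope": meta["scope"], "exp": int(meta["exp"])}
```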