starred/pocket-id
1
0
Fork 0
mirror of https://github.com/pocket-id/pocket-id.git synced 2025-12-06 09:13:19 +03:00
Code Issues 121 Packages Projects Releases 16 Wiki Activity

🚀 Feature: Provide introspection endpoint #273

New Issue
Closed
opened 2025-10-07 00:08:15 +03:00 by OVERLORD · 2 comments
OVERLORD commented 2025-10-07 00:08:15 +03:00
Owner
Copy Link

Originally created by @aksdb on GitHub.

Feature description

In OAuth2 flows, where the server needs to verify the validity of a token provided by a client, it may be of use to offer token introspection as defined in RFC7662 and advertise it as introspection_endpoint in /.well-known/openid-configuration.

Pitch

An single-page-application could be a public OIDC app acquiring an access token. This is passed to a backend which has its own OIDC app. That backend can then make use of the introspection endpoint, to verify the validity of the token and extract information from it.

An application that uses it is for example OpenTalk.

Originally created by @aksdb on GitHub. ### Feature description In OAuth2 flows, where the server needs to verify the validity of a token provided by a client, it may be of use to offer token introspection as defined in [RFC7662](https://datatracker.ietf.org/doc/html/rfc7662) and advertise it as `introspection_endpoint` in `/.well-known/openid-configuration`. ### Pitch An single-page-application could be a public OIDC app acquiring an access token. This is passed to a backend which has its own OIDC app. That backend can then make use of the introspection endpoint, to verify the validity of the token and extract information from it. An application that uses it is for example [OpenTalk](https://opentalk.eu).
OVERLORD added the feature label 2025-10-07 00:08:15 +03:00
OVERLORD commented 2025-10-07 00:08:18 +03:00
Author
Owner
Copy Link

@kmendell commented on GitHub:

I added the needs-more-upvotes label for now. I want to research this more as well.

Also @stonith404 please provide your input on this.

@kmendell commented on GitHub: I added the needs-more-upvotes label for now. I want to research this more as well. Also @stonith404 please provide your input on this.
OVERLORD commented 2025-10-07 00:08:19 +03:00
Author
Owner
Copy Link

@stonith404 commented on GitHub:

Yes, this would make sense to add.

A client should be able to verify the access token by using the JWK from the .well-known/jwks.json endpoint but there are probably clients that use the introspection endpoint instead.

@stonith404 commented on GitHub: Yes, this would make sense to add. A client should be able to verify the access token by using the JWK from the `.well-known/jwks.json` endpoint but there are probably clients that use the introspection endpoint instead.
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
breaking
bug
documentation
feature
needs more upvotes
open to pull requests
pull-request
Mirrored from GitHub Pull Request
No Label feature
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
OVERLORD
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/pocket-id#273
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?