[PR #405] feat: implement token introspection #823

New Issue

Closed

opened 2025-10-07 00:22:59 +03:00 by OVERLORD · 0 comments

OVERLORD commented 2025-10-07 00:22:59 +03:00

Owner

Copy Link

Original Pull Request: https://github.com/pocket-id/pocket-id/pull/405

State: closed
Merged: Yes

---

This PR implements the token introspection as requested in ticket #395.

It fulfills RFC 7662 as far as I can tell (at least the client that required it is happy with the result).

The endpoint requires a client_id/client_secret pair for authentication, so no random attackers can use it to fish for valid tokens (although that attack vector is pretty limited currently, since we don't offer any token revocation anyway). Potentially we could also allow API token auth for this endpoint, but for now it should be a good start with clientid/clientsecret already.

It also allows checking for the validity of a refresh_token.

Fixes: https://github.com/pocket-id/pocket-id/issues/395

**Original Pull Request:** https://github.com/pocket-id/pocket-id/pull/405 **State:** closed **Merged:** Yes --- This PR implements the token introspection as requested in ticket #395. It fulfills RFC 7662 as far as I can tell (at least the client that required it is happy with the result). The endpoint requires a `client_id`/`client_secret` pair for authentication, so no random attackers can use it to fish for valid tokens (although that attack vector is pretty limited currently, since we don't offer any token revocation anyway). Potentially we could also allow API token auth for this endpoint, but for now it should be a good start with clientid/clientsecret already. It also allows checking for the validity of a `refresh_token`. Fixes: https://github.com/pocket-id/pocket-id/issues/395

OVERLORD added the pull-request label 2025-10-07 00:22:59 +03:00

OVERLORD closed this issue 2025-10-07 00:23:00 +03:00

Sign in to join this conversation.

No Branch/Tag Specified

Branches Tags

main

i18n_crowdin

breaking/v2

v2/use-item-component

default-env-db-keys

slog-gorm

v1.16.0

v1.15.0

v1.14.2

v1.14.1

v1.14.0

v1.13.1

v1.13.0

v1.12.0

v1.11.2

v1.11.1

v1.11.0

v1.10.0

v1.9.1

v1.9.0

v1.8.1

v1.8.0

v1.7.0

v1.6.4

v1.6.3

v1.6.2

v1.6.1

v1.6.0

v1.5.0

v1.4.1

v1.4.0

v1.3.1

v1.3.0

v1.2.0

v1.1.0

v1.0.0

v0.53.0

v0.52.0

v0.51.1

v0.51.0

v0.50.0

v0.49.0

v0.48.0

v0.47.0

v0.46.0

v0.45.0

v0.44.0

v0.43.1

v0.43.0

v0.42.1

v0.42.0

v0.41.0

v0.40.1

v0.40.0

v0.39.0

v0.38.0

v0.37.0

v0.36.0

v0.35.6

v0.35.5

v0.35.4

v0.35.3

v0.35.2

v0.35.1

v0.35.0

v0.34.0

v0.33.0

v0.32.0

v0.31.0

v0.30.0

v0.29.0

v0.28.1

v0.28.0

v0.27.2

v0.27.1

v0.27.0

v0.26.0

v0.25.1

v0.25.0

v0.24.1

v0.24.0

v0.23.0

v0.22.0

v0.21.0

v0.20.1

v0.20.0

v0.19.0

v0.18.0

v0.17.0

v0.16.0

v0.15.0

v0.14.0

v0.13.1

v0.13.0

v0.12.0

v0.11.0

v0.10.0

v0.9.0

v0.8.1

v0.8.0

v0.7.1

v0.7.0

v0.6.0

v0.5.3

v0.5.2

v0.5.1

v0.5.0

v0.4.1

v0.4.0

v0.3.1

v0.3.0

v0.2.1

v0.2.0

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels

breaking

bug

documentation

feature

needs more upvotes

open to pull requests

pull-request

Mirrored from GitHub Pull Request

No Label pull-request

Milestone

No items

No Milestone

Projects

Clear projects

No project

Assignees

Clear assignees

OVERLORD

No Assignees

1 Participants

Notifications

Subscribe

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: starred/pocket-id#823