Which version of Duende IdentityServer are you using?
7.0.5
Which version of .NET are you using?
.NET 8
Describe the bug
Hitting the introspection endpoint with access token and invalid token_type_hint fails.
To Reproduce
Get valid access token.
Send request to token introspection endpoint with valid access token as token, valid client_id, valid client_secret, and invalid token_type_hint such as abc and refresh_token.
Results in 400 with {"error": "invalid_request"} and 200 with {"active":false} respectively.
Expected behavior
Introspection should succeed.
Per RFC 7662:
If the
server is unable to locate the token using the given hint, it MUST
extend its search across all of its supported token types.
Log output/exception with stacktrace
Note that some lines were omitted or redacted.
Which version of Duende IdentityServer are you using? 7.0.5
Which version of .NET are you using? .NET 8
Describe the bug Hitting the introspection endpoint with access token and invalid
token_type_hint
fails.To Reproduce
token
, validclient_id
, validclient_secret
, and invalidtoken_type_hint
such asabc
andrefresh_token
.{"error": "invalid_request"}
and 200 with{"active":false}
respectively.Expected behavior Introspection should succeed. Per RFC 7662:
Log output/exception with stacktrace Note that some lines were omitted or redacted.
IdentityServer 6 (Previously successful)
IdentityServer 7 (Failure in IdentityServer 7)
Additional context https://github.com/DuendeSoftware/IdentityServer/pull/1334, IntrospectionRequestValidator.cs