There are no tests for now but it opens the discussion. 📢
A point to discuss that I see is how to handle security.
I implemented this using a list of OAuth authorized clients, but it's really opinionated as the security might be managed by any possible firewall (you can "just" put the endpoint behind a Bearer authorization :man_shrugging: ).
This is a work in progress but I would like your opinion about implementing the RFC 7662: OAuth 2.0 Token Introspection.