GluuFederation / oxAuth

OAuth 2.0 server and client; OpenID Connect Provider (OP) & UMA Authorization Server (AS)
https://gluu.org/docs/ce
MIT License
423 stars 150 forks

feat: add configuration property to AS which will allow to bypass basic client authentication restriction to query only own tokens #1865

Closed mmrraju closed 1 year ago

mmrraju commented 1 year ago

Describe the issue

Target ticket-11512

Introspection endpoint can accept:

  1. Bearer access_token - in this case it's possible to query different clients.
  2. Basic client authentication where client id and client secret are passed explicitly.

For the second approach we need the token's associated client. Currently this is not possible for different clients, so we should make it possible for multiple clients.

yuriyz commented 1 year ago

The issue is fixed in 4.5.2 and the WAR is rebuilt: https://jenkins.gluu.org/maven/org/gluu/oxauth-server/4.5.2.Final/oxauth-server-4.5.2.Final.war

Added a new configuration property introspectionRestrictBasicAuthnToOwnTokens with default value false.
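
The following is an added example, not oxAuth code and not part of the thread: a small Python model of how an introspection endpoint can treat Basic-authenticated callers with and without an own-tokens restriction. It assumes that the property's true value limits a Basic-authenticated client to tokens issued to itself (inferred from the property name and the issue title) and that a disallowed lookup yields `{"active": false}` as RFC 7662 section 2.2 specifies. All client ids, secrets, tokens and function names are constructed for illustration.

```python
import base64
import hmac

# Constructed sample data: two registered clients and one token issued to client-a.
CLIENTS = {"client-a": "secret-a", "client-b": "secret-b"}
TOKENS = {"tok-123": {"client_id": "client-a", "scope": "openid", "exp": 4102444800}}


def basic_header(client_id, secret):
    """Build an Authorization header value for HTTP Basic client authentication."""
    raw = f"{client_id}:{secret}".encode()
    return "Basic " + base64.b64encode(raw).decode()


def authenticate_basic(header):
    """Return the authenticated client_id, or None if the header is invalid."""
    scheme, _, encoded = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(encoded, validate=True).decode()
    except ValueError:  # covers malformed base64 and non-UTF-8 bytes
        return None
    client_id, sep, secret = decoded.partition(":")
    expected = CLIENTS.get(client_id)
    if not sep or expected is None:
        return None
    # Constant-time comparison of the presented secret.
    ok = hmac.compare_digest(secret.encode(), expected.encode())
    return client_id if ok else None


def introspect(header, token, restrict_to_own_tokens, now=1700000000):
    """Hypothetical model of the introspection decision for Basic-authenticated callers.

    restrict_to_own_tokens stands in for introspectionRestrictBasicAuthnToOwnTokens
    (assumed semantics: True means a client may only query its own tokens).
    """
    caller = authenticate_basic(header)
    if caller is None:
        raise PermissionError("client authentication failed")  # maps to HTTP 401
    record = TOKENS.get(token)
    if record is None or record["exp"] <= now:
        return {"active": False}
    if restrict_to_own_tokens and record["client_id"] != caller:
        # Do not reveal that the token exists for another client.
        return {"active": False}
    return {"active": True, **record}
```

With the restriction off, any client that can authenticate receives metadata for tokens issued to other clients, so deployments that leave it at the default should account for that in how client secrets are issued and protected.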