Open MartinFlores751 opened 1 day ago
Does this overlap with any existing OAuth issues?
Not from what I can tell. It's a bit adjacent to the validating tokens issue, though that's focused on our 'client mode'. This issue is focused on 'protected resource mode'.
Okay. Placing in the 0.5.0 milestone for now.
Can bump it if necessary.
Using the OAuth 2.0 Access Token JWT Profile^1, we should be able to validate access tokens for OpenID providers who give JWT access tokens but don't provide an introspection endpoint. This should cover most OpenID providers, though some providers may not provide either standard method.
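A sketch of the local checks a protected resource runs on a JWT access token under that profile (RFC 9068), added here as an illustration and not code from this project. The key, issuer and resource identifiers are constructed, and HS256 with a shared key stands in for the provider's published asymmetric keys only so the example runs offline with the standard library.

```python
import base64, hashlib, hmac, json, time

# Constructed sample values (assumptions, not from the issue).
KEY, ISSUER, RESOURCE = b"demo-shared-key", "https://idp.example", "https://api.example"
REQUIRED = ("iss", "exp", "aud", "sub", "client_id", "iat", "jti")  # claims RFC 9068 requires

def _b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_token(claims, key, typ="at+jwt", alg="HS256"):
    """Build a constructed sample token (stands in for the provider)."""
    head = _b64e(json.dumps({"typ": typ, "alg": alg}).encode())
    body = _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64e(sig)}"

def validate_access_token(token, key, issuer, resource, now=None):
    """Return the claims if the token passes the checks, else raise ValueError."""
    now = time.time() if now is None else now
    try:
        head_s, body_s, sig_s = token.split(".")
        header = json.loads(_b64d(head_s))
        sig = _b64d(sig_s)
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # typ must mark the JWT as an access token, so ID tokens are not accepted here.
    if str(header.get("typ", "")).lower() not in ("at+jwt", "application/at+jwt"):
        raise ValueError("wrong typ")
    # Pin the algorithm on the verifier side; the header never chooses it ("none" fails).
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head_s}.{body_s}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(_b64d(body_s))
    missing = [c for c in REQUIRED if c not in claims]
    if missing:
        raise ValueError("missing claims: " + ",".join(missing))
    if claims["iss"] != issuer:
        raise ValueError("wrong issuer")
    aud = claims["aud"] if isinstance(claims["aud"], list) else [claims["aud"]]
    if resource not in aud:
        raise ValueError("wrong audience")
    if not isinstance(claims["exp"], (int, float)) or now >= claims["exp"]:
        raise ValueError("expired")
    return claims
```

Passing `now` explicitly makes the expiry check deterministic in tests; in service code it defaults to the current time.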