keycloak / kc-sig-fapi

Apache License 2.0
74 stars, 50 forks

Resource Server needs to check whether the received Access Token from Client is still valid or not #20

Closed tnorimat closed 5 years ago

tnorimat commented 5 years ago

CallAccountsEndpointWithBearerTokenExpectingError checks whether the Resource Server returns an error when it receives an Access Token that became invalid for some reason (double usage of the Authz Code).

The Resource Server needs to have the capability of checking whether a received Access Token is valid or not.

To do so, the Resource Server asks Keycloak via Token Introspection, and returns an error to the Client if the token is invalid.
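The check described above, as an added example that is not part of this thread or of the kc-sig-fapi project's own resource server: the resource server POSTs the bearer token to Keycloak's RFC 7662 introspection endpoint, treats anything other than `active: true` as invalid (a token revoked after a second use of the same authorization code comes back inactive), also honours `exp` and a required scope, and fails closed when introspection itself cannot be reached. The realm name, the resource server's client credentials and the `accounts` scope are assumptions, as is the endpoint prefix (Keycloak versions before 17 put `/auth` in front of `/realms`).

```python
import base64
import json
import time
import urllib.parse
import urllib.request
from typing import Callable, Dict, Optional, Tuple

# Assumed values (not taken from the kc-sig-fapi project): realm name and the
# resource server's own client credentials, used to authenticate to the
# introspection endpoint. Keycloak < 17 prefixes the path with /auth.
KEYCLOAK_BASE = "https://keycloak.example.com"
REALM = "fapi-realm"
INTROSPECTION_URL = (
    f"{KEYCLOAK_BASE}/realms/{REALM}/protocol/openid-connect/token/introspect"
)
RS_CLIENT_ID = "resource-server"
RS_CLIENT_SECRET = "rs-client-secret"


def introspect_via_keycloak(token: str) -> Dict:
    """POST the token to Keycloak's introspection endpoint (RFC 7662).

    The resource server authenticates with HTTP Basic using its own client
    credentials; Keycloak answers with a JSON object whose ``active`` field
    is the authoritative validity flag (false for revoked/expired tokens)."""
    body = urllib.parse.urlencode(
        {"token": token, "token_type_hint": "access_token"}
    ).encode()
    creds = base64.b64encode(f"{RS_CLIENT_ID}:{RS_CLIENT_SECRET}".encode()).decode()
    req = urllib.request.Request(
        INTROSPECTION_URL,
        data=body,
        method="POST",
        headers={
            "Authorization": f"Basic {creds}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)


def check_token(introspection: Dict, now: Optional[float] = None,
                required_scope: Optional[str] = None) -> Tuple[bool, str]:
    """Decide from an introspection response whether the request may proceed.

    A missing or non-true ``active`` field is treated as invalid; ``exp`` and
    the granted scopes are checked as a defence in depth."""
    now = time.time() if now is None else now
    if introspection.get("active") is not True:
        return False, "token is not active"
    exp = introspection.get("exp")
    if exp is not None and now >= exp:
        return False, "token has expired"
    if required_scope is not None:
        granted = (introspection.get("scope") or "").split()
        if required_scope not in granted:
            return False, "insufficient scope"
    return True, "ok"


def handle_accounts_request(
    authorization: Optional[str],
    introspect: Callable[[str], Dict] = introspect_via_keycloak,
    now: Optional[float] = None,
    required_scope: str = "accounts",  # assumed scope name
) -> Tuple[int, Dict[str, str], Dict]:
    """Resource-server handler for the accounts endpoint.

    Returns (status, headers, json body) the way a framework handler would;
    ``introspect`` is injectable so the logic can be exercised offline."""
    if not authorization or not authorization.startswith("Bearer "):
        return 401, {"WWW-Authenticate": 'Bearer error="invalid_request"'}, {}
    token = authorization[len("Bearer "):].strip()
    try:
        info = introspect(token)
    except Exception:  # network error, HTTP 5xx, malformed JSON
        # Fail closed: validity cannot be confirmed, so serve no data.
        return 503, {}, {"error": "introspection_unavailable"}
    ok, reason = check_token(info, now=now, required_scope=required_scope)
    if not ok:
        hdr = f'Bearer error="invalid_token", error_description="{reason}"'
        return 401, {"WWW-Authenticate": hdr}, {"error": "invalid_token"}
    return 200, {"Content-Type": "application/json"}, {
        "accounts": [],  # account data would be looked up for info["sub"]
        "sub": info.get("sub"),
    }


# Constructed introspection responses for an offline demonstration.
SAMPLE_ACTIVE = {"active": True, "sub": "user-1", "scope": "openid accounts",
                 "exp": 2_000_000_000}
SAMPLE_REVOKED = {"active": False}

if __name__ == "__main__":
    for info in (SAMPLE_ACTIVE, SAMPLE_REVOKED):
        print(handle_accounts_request("Bearer opaque-token",
                                      introspect=lambda _t, i=info: i,
                                      now=1_700_000_000))
```

In production the handler would call `introspect_via_keycloak` (the default); the injectable `introspect` parameter only exists so the decision logic can be tested without a running Keycloak. Introspection results can be cached briefly, but the cache lifetime bounds how long a revoked token keeps working, so keep it short.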

wadahiro commented 5 years ago

It seems that CallAccountsEndpointWithBearerTokenExpectingError is for the test OB-6.2.1-2:

https://gitlab.com/openid/conformance-suite/blob/23e6d330a5fe277fa76f84a148d84889b73ff407/src/main/java/io/fintechlabs/testframework/openbanking/AbstractOBServerTestModule.java#L345

Also, this has already been raised in #9.