Closed azmeuk closed 11 months ago
An alternative to this would be to implement register_introspection_endpoint
and register_revokation_endpoint
with an optional token_type
parameter, in the fashion of register_token_generator
. However that would be a breaking change.
What do you think @lepture?
@azmeuk I think your implementation looks good. Would you like to add endpoints in this branch, or let me merge it at first?
We can merge this now so the branch diff will be easier to read.
Merged.
I am currently tackling #427 and I realize it would be easier for me if one could register several endpoints of a kind. For instance one
JWTAccessTokenIntrospectionEndpoint
that would read the introspection data from the JWT access token, and a regularIntrospectionEndpoint
for the other kind of tokens.With this patch, if
JWTAccessTokenIntrospectionEndpoint
would meet a plain-text access token, it would raise aContinueIteration
exception and pass to theIntrospectionEndpoint
. Same if the token_hint is a refresh token for instance (RFC9068 is only about access tokens).This would also help for the revokation endpoint.
What do you think?