ory / fosite

Extensible security first OAuth 2.0 and OpenID Connect SDK for Go.
https://www.ory.sh/?utm_source=github&utm_medium=banner&utm_campaign=fosite
Apache License 2.0

Unable to obtain expiration time of refresh tokens #801

Open mitar opened 3 months ago

mitar commented 3 months ago

Preflight checklist

Ory Network Project

No response

Describe your problem

There seems to be no way to obtain the expiration time of refresh tokens. Refresh tokens are opaque (and not JWTs) and the introspection endpoint returns the associated access token claims and not the refresh token claims.

Describe your ideal solution

I think the introspection endpoint should return refresh token claims for the refresh token, not the access token claims. Ping Identity does so and returns:

    {
      "active": true,
      "exp": 1556823764
    }

    Note: If the refresh token is configured to never expire, the "exp" attribute will not be returned.

Workarounds or alternatives

None I could find.

Version

latest master

Additional Context

No response

mitar commented 3 months ago

I added to my introspect endpoint handler:

    // Refresh tokens get their own response with only "active" and "exp".
    if ir.GetTokenUse() == "refresh_token" {
        // Keep the introspection response out of caches.
        w.Header().Set("Content-Type", "application/json;charset=UTF-8")
        w.Header().Set("Cache-Control", "no-store")
        w.Header().Set("Pragma", "no-cache")

        // Inactive tokens disclose nothing beyond "active": false.
        if !ir.IsActive() {
            _ = json.NewEncoder(w).Encode(&struct {
                Active bool `json:"active"`
            }{Active: false})
            return
        }

        response := map[string]interface{}{
            "active": true,
        }

        // Omit "exp" when the session has no refresh token expiry set.
        if exp := ir.GetAccessRequester().GetSession().GetExpiresAt(fosite.RefreshToken); !exp.IsZero() {
            response["exp"] = exp.Unix()
        }

        _ = json.NewEncoder(w).Encode(response)
        return
    }
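
A client-side counterpart to the response shape discussed in this thread, as an added example that is not part of the issue or of fosite's code: it reads `active` and `exp` from an introspection response and treats a missing `exp` as "never expires". The helper name `refreshTokenExpiry`, the sample bodies and the clock value are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// introspection holds the two fields quoted in the issue. Exp is a pointer so
// an omitted "exp" (token never expires) is distinguishable from exp = 0.
type introspection struct {
	Active bool   `json:"active"`
	Exp    *int64 `json:"exp"`
}

var errInactive = errors.New("refresh token is not active")

// refreshTokenExpiry (hypothetical helper) returns the refresh token expiry
// from an introspection response body. The bool is false when no "exp" is set.
func refreshTokenExpiry(body []byte, now time.Time) (time.Time, bool, error) {
	var r introspection
	if err := json.Unmarshal(body, &r); err != nil {
		return time.Time{}, false, fmt.Errorf("decode introspection response: %w", err)
	}
	if !r.Active {
		return time.Time{}, false, errInactive
	}
	if r.Exp == nil {
		return time.Time{}, false, nil // no "exp": token does not expire
	}
	expiry := time.Unix(*r.Exp, 0)
	if !expiry.After(now) {
		// "active": true with a past "exp" is contradictory: fail closed.
		return time.Time{}, false, errInactive
	}
	return expiry, true, nil
}

func main() {
	now := time.Unix(1556820164, 0) // constructed clock, one hour before "exp"
	// Constructed sample responses: expiring, never expiring, inactive.
	for _, b := range []string{`{"active": true, "exp": 1556823764}`, `{"active": true}`, `{"active": false}`} {
		exp, expires, err := refreshTokenExpiry([]byte(b), now)
		fmt.Println(b, "->", exp.UTC(), expires, err)
	}
}
```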