Open CrazyParanoid opened 1 month ago
I think there could be merit in implementing that spec once it is finalized. I'll leave this ticket open for the time being to see how it evolves.
In the meantime, I think this would be a good fit for a Spring Security sample. Would you be interested in contributing to https://github.com/spring-projects/spring-security-samples/issues/295?
It would be nice to provide support for phantom tokens. Many IDPs already have this feature, for example Keycloak or Curity. The main idea is that when introspect is called, a JWT is returned in the response. For example, as in Keycloak:
Apparently this is very similar to JWT Response for OAuth Token Introspection
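
The JWT-returning introspection described in this issue, seen from the resource server's side, as an added example (not code from this thread, Keycloak, Curity or Spring Security). It validates a response shaped as the JWT Response for OAuth Token Introspection specification describes: media type `application/token-introspection+jwt`, `typ` of `token-introspection+jwt`, and the result in a `token_introspection` claim. HS256 with a shared key and the issuer, audience and key values are assumptions made to keep the sample self-contained.

```python
import base64, hashlib, hmac, json

MEDIA_TYPE = "application/token-introspection+jwt"
JWT_TYP = "token-introspection+jwt"

def _b64d(seg):
    return base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))

def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(header, claims, key):
    """Build a constructed sample response (stands in for the authorization server)."""
    signing_input = _b64e(json.dumps(header).encode()) + "." + _b64e(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64e(sig)

def validate_introspection_jwt(content_type, body, key, issuer, audience):
    """Return the token_introspection object, or raise ValueError."""
    if content_type.split(";")[0].strip().lower() != MEDIA_TYPE:
        raise ValueError("unexpected content type")
    try:
        h64, p64, s64 = body.split(".")
        header, sig = json.loads(_b64d(h64)), _b64d(s64)
    except ValueError as exc:  # wrong segment count, bad base64 or bad JSON
        raise ValueError("malformed JWT") from exc
    # Pin the algorithm here; never let the token's own "alg" choose the verifier.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    if str(header.get("typ", "")).lower() != JWT_TYP:  # e.g. an access token JWT
        raise ValueError("unexpected typ")
    expected = hmac.new(key, f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    claims = json.loads(_b64d(p64))
    aud = claims.get("aud")
    if claims.get("iss") != issuer or audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong issuer or audience")
    result = claims.get("token_introspection")
    if not isinstance(result, dict) or result.get("active") is not True:
        raise ValueError("token is not active")
    return result

# Constructed sample values (not from any real deployment).
KEY = b"constructed-demo-secret"
SAMPLE = sign_hs256({"alg": "HS256", "typ": JWT_TYP},
    {"iss": "https://as.example", "aud": "https://rs.example", "iat": 1700000000,
     "token_introspection": {"active": True, "scope": "read", "sub": "alice"}}, KEY)
```
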