Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add introspection implementation - updated #1255

Open
wants to merge 36 commits into
base: master
Choose a base branch
from

Conversation

kromacie
Copy link

@kromacie kromacie commented Dec 11, 2021

Hello,

There is a PR started by Steve Porter related to RFC 7662 that wasn't updated for almost three years already. Based on the activity under the old thread and my personal willingness to use it, I think that there is still a demand for this feature. Therefore I decided to refurbish it a bit and refactor it slightly.

There is what I changed compared to the previous PR.

  • I added authorization to use introspection, which should prevent tokens fishing. It's reused from ResourceServerMiddleware, which means, without a valid access token, you can't access the introspection endpoint.
  • I separated introspection from Authorization Server to a dedicated Introspection Server because previously, it introduced many unrelated changes to existing logic. Also, I thought it would be better to keep it apart from Resource Server because it can be and often have to be separated in practice. For the compromise, I decided to put it somewhere in between.

Also, It's my very first contribution to an open-source project, so please feel free to mention any mistake or gap that I didn't find. I hope you will find it helpful.

fetzi and others added 30 commits March 2, 2018 22:53
according to RFC 7662 the introspection mechanism is implemented
…feature/add-introspection-implementation-code-review

# Conflicts:
#	src/Grant/AuthCodeGrant.php
The JWT logic has been moved from the introspection response and is now in the child class BearerTokenIntrospectionResponse
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants