Hi Sameera,

As we discussed during the WSO2Con, I have implemented RFC 7662, with some TODOs for IS 5.1.0.

You can build it from https://svn.wso2.org/repos/wso2/people/prabath/mss-security/org.wso2.carbon.identity.oauth.introspection and deploy it as a war file in IS 5.1.0 latest build. You can download the latest IS build from https://svn.wso2.org/repos/wso2/people/hasintha/pre-RC1/wso2is-5.1.0-SNAPSHOT.zip .

Now we need to build a JWT token builder to IS - I guess we can reuse the component already developed by Dinusha.

Please find below the usage of the introspection API.

1. Empty Token:

    curl -k -H 'Content-Type: application/x-www-form-urlencoded' -X POST --data 'token=' https://idp1.federationhub.org:9443/introspect

Response:

    {"active":false}

2. Invalid Token

    curl -k -H 'Content-Type: application/x-www-form-urlencoded' -X POST --data 'token=Bjhk98792k9hkjhk' https://idp1.federationhub.org:9443/introspect

Response:

    {"active":false,"token_type":"bearer"}

3. Valid Token

3.1 Get a token first:

    curl -v -X POST --basic -u LUG28MI5yjL5dATxQWdYGhDLSywa:b855n2UIxixrl_MN_juUuG7cnTUa -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "grant_type=client_credentials" https://localhost:9443/oauth2/token

3.1.1 Validate the token

    curl -k -H 'Content-Type: application/x-www-form-urlencoded' -X POST --data 'token=99f0a7092c71a6e772cbcf77addd39ea' https://idp1.federationhub.org:9443/introspect

Response:

    {
      "username":"[email protected]",
      "nbf":3272,
      "active":true,
      "token_type":"bearer",
      "client_id":"LUG28MI5yjL5dATxQWdYGhDLSywa"
    }

3.2 Get a token with scopes

    curl -v -X POST --basic -u LUG28MI5yjL5dATxQWdYGhDLSywa:b855n2UIxixrl_MN_juUuG7cnTUa -H "Content-Type: application/x-www-form-urlencoded;charset=UTF-8" -k -d "grant_type=client_credentials&scope=test1 test2" https://localhost:9443/oauth2/token

3.2.1 Validate the token

    curl -k -H 'Content-Type: application/x-www-form-urlencoded' -X POST --data 'token=c78ac96fe9b59061b53d0223d46ecc24' https://idp1.federationhub.org:9443/introspect

Response:

    {
      "username":"[email protected]",
      "scope":"test1 test2 ",
      "nbf":3240,
      "active":true,
      "token_type":"bearer",
      "client_id":"LUG28MI5yjL5dATxQWdYGhDLSywa"
    }

--
Thanks & Regards,
Prabath

Twitter : @prabath
LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
Mobile : +1 650 625 7950

http://blog.facilelogin.com
http://blog.api-security.org
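Added example, not part of the original message or of the WSO2 code: one way a resource server could act on introspection responses of the shapes shown above, failing closed unless `active` is the JSON boolean true. The function name `authorize`, the sample bodies and the placeholder username and client_id values are assumptions; `exp` is checked only when present, since RFC 7662 makes it optional.

```python
import json
import time

# Constructed samples in the shape of the responses quoted in the message;
# the username and client_id values are placeholders.
EMPTY = '{"active":false}'
INVALID = '{"active":false,"token_type":"bearer"}'
VALID = ('{"username":"user@example.test","nbf":3272,"active":true,'
         '"token_type":"bearer","client_id":"example-client"}')
SCOPED = ('{"username":"user@example.test","scope":"test1 test2 ","nbf":3240,'
          '"active":true,"token_type":"bearer","client_id":"example-client"}')


def _number(value):
    """Return value if it is a JSON number (bool excluded), else None."""
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        return None
    return value


def authorize(body, required_scopes=(), expected_client_id=None, now=None):
    """Decide on one introspection response body; returns (allowed, reason)."""
    now = time.time() if now is None else now
    try:
        claims = json.loads(body)
    except (TypeError, ValueError):
        return False, "unparseable response"
    if not isinstance(claims, dict):
        return False, "unparseable response"
    # Fail closed: only the JSON boolean true counts, not "true" or 1.
    if claims.get("active") is not True:
        return False, "inactive token"
    exp, nbf = _number(claims.get("exp")), _number(claims.get("nbf"))
    if exp is not None and now >= exp:
        return False, "expired"
    if nbf is not None and now < nbf:
        return False, "not yet valid"
    if expected_client_id is not None and claims.get("client_id") != expected_client_id:
        return False, "unexpected client_id"
    # scope is one space-separated string; split() absorbs the trailing space.
    scope = claims.get("scope")
    granted = set(scope.split()) if isinstance(scope, str) else set()
    missing = [s for s in required_scopes if s not in granted]
    if missing:
        return False, "missing scope: " + " ".join(missing)
    return True, "ok"
```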
