Hi Ishara,
According to the specification, it is not recommended to expose too many
details about why the token is not active.
Note that to avoid disclosing too
much of the authorization server's state to a third party, the
authorization server SHOULD NOT include any additional information
about an inactive token, including why the token is inactive.
Sending the response as expired exposes too many details about the
authorization server's state, as I understand it. And at the same time the
specification specifically says to send the {"active": false} response for
any inactive token or any error response (other than an unauthorized client).
So sending such a custom attribute is not suitable either.
Thanks,
On Fri, Dec 2, 2016 at 10:51 PM, Farasath Ahamed <[email protected]> wrote:
> Hi Ishara,
>
> The '*active*' parameter is mandatory according to the Introspection
> spec[1], to indicate the status of the token.
>
> If we are to send something like what you have suggested we could do so by
> using a custom attribute in response. But then again that would be
> something specific to our implementation and would not be understood by
> standard clients right?
>
>
> [1] https://tools.ietf.org/html/rfc7662#section-2.2
>
>
> Thanks,
> Farasath Ahamed
> Software Engineer, WSO2 Inc.; http://wso2.com
> Mobile: +94777603866
> Blog: blog.farazath.com
> Twitter: @farazath619 <https://twitter.com/farazath619>
> <http://wso2.com/signature>
>
>
>
> On Fri, Dec 2, 2016 at 10:38 PM, Ishara Cooray <[email protected]> wrote:
>
>> I have used the introspect endpoint to get token info with Identity Server
>> 5.3.0.
>> I get a {'active':false} response even for an expired token.
>>
>> *Request :*
>> curl -k -H 'Content-Type: application/x-www-form-urlencoded' -X POST \
>>   --data 'token=a2c12c81-33fb-3e07-aa5e-c50639011199' \
>>   https://localhost:9443/oauth2/introspect
>>
>> *Response:*
>> {'active':false}
>>
>> But if we can have { state : expired }, that way we can provide a more
>> concrete response to the end user.
>>
>> wdyt?
>>
>> Thanks & Regards,
>> Ishara Cooray
>> Senior Software Engineer
>> Mobile : +9477 262 9512
>> WSO2, Inc. | http://wso2.com/
>> Lean . Enterprise . Middleware
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>>
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
--
Maduranga Siriwardena
Software Engineer
WSO2 Inc; http://wso2.com/
Email: [email protected]
Mobile: +94718990591
Blog: http://madurangasblogs.blogspot.com/
<http://wso2.com/signature>
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
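The RFC 7662 section 2.2 behaviour discussed in this thread, as an added illustration (not WSO2 Identity Server code): every inactive token, whether expired, revoked or unknown, gets the same bare {"active": false} body, while the custom {"state": "expired"} variant is shown beside it only to make the extra disclosure visible. The token store, the fixed clock value and the helper names are constructed for the example.

```python
import json

# Constructed sample data: a fixed "now" (approx. 2 Dec 2016 UTC) so results are reproducible.
NOW = 1480636800
TOKEN_STORE = {
    # The token from the thread, modelled here as having expired one hour before NOW.
    "a2c12c81-33fb-3e07-aa5e-c50639011199": {"exp": NOW - 3600, "revoked": False,
                                             "scope": "openid", "client_id": "app1"},
    "tok-active": {"exp": NOW + 3600, "revoked": False, "scope": "openid", "client_id": "app1"},
    "tok-revoked": {"exp": NOW + 3600, "revoked": True, "scope": "openid", "client_id": "app2"},
}


def _inactive_reason(token, now=NOW):
    """Server-side only: the reason a token is not active (None if it is active)."""
    rec = TOKEN_STORE.get(token)
    if rec is None:
        return "unknown"
    if rec["revoked"]:
        return "revoked"
    if rec["exp"] <= now:
        return "expired"
    return None


def introspect(token, now=NOW):
    """Spec-conformant response: metadata for active tokens, only {"active": false} otherwise."""
    if _inactive_reason(token, now) is not None:
        # The reason stays inside the server; the caller learns nothing beyond "not active".
        return {"active": False}
    rec = TOKEN_STORE[token]
    return {"active": True, "token_type": "Bearer", "scope": rec["scope"],
            "client_id": rec["client_id"], "exp": rec["exp"]}


def introspect_with_state(token, now=NOW):
    """The custom-attribute variant proposed in the thread: leaks why the token is inactive."""
    reason = _inactive_reason(token, now)
    if reason is None:
        return introspect(token, now)
    return {"active": False, "state": reason}


def indistinguishable(tokens, responder=introspect):
    """True when every listed inactive token produces a byte-identical JSON body."""
    bodies = {json.dumps(responder(t), sort_keys=True) for t in tokens}
    return len(bodies) == 1
```

Running `indistinguishable` over the expired, revoked and unknown tokens returns True for `introspect` and False for `introspect_with_state`, which is exactly the state disclosure the RFC wording warns about.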