Hi Ishara,

According to the specification, it is not recommended to expose too many details about why the token is not active.

Note that to avoid disclosing too much of the authorization server's state to a third party, the authorization server SHOULD NOT include any additional information about an inactive token, including why the token is inactive.

Sending the response as expired exposes too many details about the authorization server's state, as I understand it. At the same time, the specification specifically says to send the {"active": false} response for any inactive token or any error response (other than unauthorized client). So sending such a custom attribute is not suitable either.

Thanks,

On Fri, Dec 2, 2016 at 10:51 PM, Farasath Ahamed <farasa...@wso2.com> wrote:
> Hi Ishara,
>
> The 'active' parameter is mandatory according to the Introspection spec[1], to indicate the status of the token.
>
> If we are to send something like what you have suggested, we could do so by using a custom attribute in the response. But then again that would be something specific to our implementation and would not be understood by standard clients, right?
>
> [1] https://tools.ietf.org/html/rfc7662#section-2.2
>
> Thanks,
> Farasath Ahamed
> Software Engineer, WSO2 Inc.; http://wso2.com
> Mobile: +94777603866
> Blog: blog.farazath.com
> Twitter: @farazath619 <https://twitter.com/farazath619>
>
> On Fri, Dec 2, 2016 at 10:38 PM, Ishara Cooray <isha...@wso2.com> wrote:
>> I have used the introspect endpoint to get token info with Identity Server 5.3.0.
>> I get a {'active':false} response even for an expired token.
>>
>> Request:
>> curl -k -H 'Content-Type: application/x-www-form-urlencoded' -X POST --data 'token=a2c12c81-33fb-3e07-aa5e-c50639011199' https://localhost:9443/oauth2/introspect
>>
>> Response:
>> {'active':false}
>>
>> But if we can have the { state : expired }, that way we can provide a more concrete response to the end user.
>>
>> wdyt?
>>
>> Thanks & Regards,
>> Ishara Cooray
>> Senior Software Engineer
>> Mobile : +9477 262 9512
>> WSO2, Inc. | http://wso2.com/
>> Lean . Enterprise . Middleware

--
Maduranga Siriwardena
Software Engineer
WSO2 Inc; http://wso2.com/
Email: madura...@wso2.com
Mobile: +94718990591
Blog: http://madurangasblogs.blogspot.com/
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
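The thread's point about RFC 7662 section 2.2, worked through in code as an added example (this is not WSO2 Identity Server code and not from any poster): a minimal introspection handler that returns exactly `{"active": false}` for expired, revoked and unknown tokens, the proposed `{"state": "expired"}` variant beside it for contrast, and a check that confirms the inactive responses are indistinguishable. The token store, token strings, client ids and fixed clock are all constructed for the example.

```python
"""RFC 7662 introspection responses for inactive tokens (added example).

Not Identity Server code. The token store, token values, client ids and
the fixed clock below are constructed so the example runs offline.
"""
import json
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, Optional


@dataclass
class StoredToken:
    client_id: str
    scope: str
    exp: int            # expiry as Unix time
    revoked: bool = False


# Fixed clock so the example is deterministic (constructed value).
NOW = 1_480_000_000

# Constructed token store; the token strings are placeholders, not real tokens.
TOKEN_STORE: Dict[str, StoredToken] = {
    "tok-valid":   StoredToken("client-a", "openid email", NOW + 3600),
    "tok-expired": StoredToken("client-a", "openid", NOW - 60),
    "tok-revoked": StoredToken("client-b", "openid", NOW + 3600, revoked=True),
}

# The only body RFC 7662 section 2.2 wants for an inactive token.
INACTIVE_RESPONSE = {"active": False}


def introspect(token: str, now: Optional[int] = None) -> dict:
    """Compliant handler: every inactive token gets the same response body.

    Unknown, revoked and expired tokens are collapsed into one branch so the
    reason for inactivity is never disclosed to the caller.
    """
    now = NOW if now is None else now
    stored = TOKEN_STORE.get(token)
    if stored is None or stored.revoked or stored.exp <= now:
        return dict(INACTIVE_RESPONSE)
    # Active token: 'active' is required; the other members are optional
    # RFC 7662 response fields that a resource server can use.
    return {
        "active": True,
        "client_id": stored.client_id,
        "scope": stored.scope,
        "exp": stored.exp,
    }


def introspect_leaky(token: str, now: Optional[int] = None) -> dict:
    """The variant proposed in the thread: a custom 'state' member.

    Kept here only to show what it discloses; unknown tokens get no 'state',
    so a caller can tell unknown, revoked and expired tokens apart.
    """
    now = NOW if now is None else now
    stored = TOKEN_STORE.get(token)
    if stored is None:
        return dict(INACTIVE_RESPONSE)
    if stored.revoked:
        return {"active": False, "state": "revoked"}
    if stored.exp <= now:
        return {"active": False, "state": "expired"}
    return introspect(token, now)


def inactive_responses_indistinguishable(
    handler: Callable[[str, Optional[int]], dict],
    tokens: Iterable[str],
    now: Optional[int] = None,
) -> bool:
    """Serialize each response and check all bodies equal {"active": false}."""
    bodies = {json.dumps(handler(t, now), sort_keys=True) for t in tokens}
    return bodies == {json.dumps(INACTIVE_RESPONSE, sort_keys=True)}


INACTIVE_TOKENS = ["tok-expired", "tok-revoked", "no-such-token"]

if __name__ == "__main__":
    for t in ["tok-valid"] + INACTIVE_TOKENS:
        print(t, json.dumps(introspect(t)), json.dumps(introspect_leaky(t)))
    print("compliant indistinguishable:",
          inactive_responses_indistinguishable(introspect, INACTIVE_TOKENS))
    print("leaky indistinguishable:",
          inactive_responses_indistinguishable(introspect_leaky, INACTIVE_TOKENS))
```

The check is the useful part for a deployment: run it against a set of tokens known to be expired, revoked and never issued, and any difference in the serialized bodies (an extra member, a different error code, even key order if the client compares raw bytes) shows the endpoint is disclosing state the spec says to withhold.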