Hi Chanaka,

Support for the *token_type_hint* parameter has been fixed in the master branch
[1][2] and will be released with the upcoming release.

[1] https://github.com/wso2/product-is/issues/3780
[2] https://github.com/wso2-extensions/identity-inbound-auth-oauth/pull/970/files#diff-78ef442733b42d8573912a910e98d884R83

Thanks,
Nila.

On Fri, May 10, 2019 at 3:09 PM Chanaka Lakmal <chana...@wso2.com> wrote:

> Hi all,
>
> I encountered an issue when trying to invoke the OAuth2 Introspection
> Endpoint of WSO2 IS 5.7.0 as guided by the doc [1]. These are the scenarios
> I tried with a valid token, and a part of the response status:
>
>
>    1. Invoke introspection endpoint with the *token*. Response -
>    {"active":true}
>    curl -k -u admin:admin \
>      -H 'Content-Type: application/x-www-form-urlencoded' \
>      -X POST --data 'token=334060588-dd4e-36a5-ad93-440cc77a1cfb' \
>      https://localhost:9443/oauth2/introspect
>
>    2. Invoke introspection endpoint with the *token* and
>    *token_type_hint*=*bearer*. Response - {"active":true}
>    curl -k -u admin:admin \
>      -H 'Content-Type: application/x-www-form-urlencoded' \
>      -X POST --data 'token=334060588-dd4e-36a5-ad93-440cc77a1cfb&token_type_hint=bearer' \
>      https://localhost:9443/oauth2/introspect
>
>    3. Invoke introspection endpoint with the *token* and
>    *token_type_hint*=*access_token*. Response - {"active":false}
>    curl -k -u admin:admin \
>      -H 'Content-Type: application/x-www-form-urlencoded' \
>      -X POST --data 'token=334060588-dd4e-36a5-ad93-440cc77a1cfb&token_type_hint=access_token' \
>      https://localhost:9443/oauth2/introspect
>
>
> According to the OAuth2 token introspection specification [2],
>
> If the server is unable to locate the token using the given hint,
> it MUST extend its search across all of its supported token types.
>
>
> So, according to the specification, it should send the active parameter
> of the response as true in the 3rd scenario.
>
> Appreciate your thoughts on this.
>
> [1]
> https://docs.wso2.com/display/IS541/Invoke+the+OAuth+Introspection+Endpoint
> [2] https://tools.ietf.org/html/rfc7662#section-2.1
>
> Thanks,
> Chanaka
> --
> *Chanaka Lakmal*  | Software Engineer | WSO2 Inc.
> Mobile  : (+94) 77 596 2256


-- 
Nilasini Thirunavukkarasu
Senior Software Engineer - WSO2

Email : nilas...@wso2.com
Mobile : +94775241823
Web : http://wso2.com/


_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
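
The hint handling that RFC 7662 section 2.1 requires, as an added Python example (not WSO2 Identity Server code and not part of the original thread): the hint only sets the search order, an unrecognised hint such as "bearer" is ignored, and a miss under the hint falls through to every other supported token type. The store layout, token values and function names are constructed for illustration.

```python
"""Added illustration of RFC 7662 section 2.1 hint handling (not WSO2 code)."""
from typing import List, Optional

# Constructed sample stores, one per token type this hypothetical server supports.
STORES = {
    "access_token": {
        "at-constructed-1": {"active": True, "scope": "openid"},
        "at-constructed-revoked": {"active": False, "scope": "openid"},
    },
    "refresh_token": {
        "rt-constructed-1": {"active": True, "scope": "openid"},
    },
}


def search_order(token_type_hint: Optional[str]) -> List[str]:
    """Put the hinted store first; never drop the other stores.

    A hint the server does not recognise (for example "bearer") leaves the
    default order untouched instead of causing a failed lookup.
    """
    order = list(STORES)
    if token_type_hint in STORES:
        order.remove(token_type_hint)
        order.insert(0, token_type_hint)
    return order


def introspect(token: str, token_type_hint: Optional[str] = None) -> dict:
    """Return an introspection response for the presented token."""
    for token_type in search_order(token_type_hint):
        record = STORES[token_type].get(token)
        if record is None:
            continue  # miss under this type: extend the search to the next one
        if record["active"]:
            return {"active": True, "scope": record["scope"]}
        break  # token found but revoked or expired: stop searching
    # Inactive or unknown tokens get no detail beyond active=false.
    return {"active": False}


if __name__ == "__main__":
    for hint in (None, "bearer", "access_token", "refresh_token"):
        print(hint, introspect("at-constructed-1", hint))
```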
