The token introspection is useful when you use an access token that is just a reference (instead of passing the values around using a JWT).
Using token introspection on the access token to get the content of the access token in addition to the ID token will still get you the same data twice (at least in the way it is currently defined). On 06/05/2014 09:52 PM, Bill Mills wrote: > If you need user info based on an access token the introspection > endpoint is the right way to go. Even so, there's issues with using an > access token as an authenticator and this is a major reason why OpenID > is the right way to go for authn.
signature.asc
Description: OpenPGP digital signature
_______________________________________________ OAuth mailing list OAuth@ietf.org https://www.ietf.org/mailman/listinfo/oauth
