oken’s expiry? Can’t they
> just use the refresh token and see? Either way it’s a single round trip to
> the AS and the client gets the same answer with the same recovery code path.
>
> — Justin
>
> On Mar 4, 2020, at 2:01 PM, Bill Jung <
> bjung=40pingidentity@dmarc.ietf
ccess Token introspection to RS only. But then is that the right
thing to do even?
Surely some clarification will eliminate the time spent on unnecessary
discussion among developers.
<https://www.pingidentity.com>[image: Ping Identity]
<https://www.pingidentity.com>
Bill Jung
Yes, actually the term "protected resource" is awkward. It is the resource
server's jog to introspect tokens to protect those protected resources.
<https://www.pingidentity.com>[image: Ping Identity]
<https://www.pingidentity.com>
Bill Jung
Manager, Response Engineeri
oken" value returned from the
token endpointas defined in OAuth 2.0 [RFC6749], Section 5.1."*
So looks like a refresh token is allowed for this endpoint.
<https://www.pingidentity.com>[image: Ping Identity]
<https://www.pingidentity.com>
Bill Jung
Manager, Response Engineeri