You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Using the OAuth 2.0 Access Token JWT Profile1, we should be able to validate access tokens for OpenID providers who give JWT access tokens but don't provide an introspection endpoint. This should cover most OpenID providers, though some providers may not provide either standard methods.
Not from what I can tell. It's a bit adjacent to the validating tokens issue, though that's focused on our 'client mode'. This issue is focused on 'protected resource mode'.
Using the OAuth 2.0 Access Token JWT Profile1, we should be able to validate access tokens for OpenID providers who give JWT access tokens but don't provide an introspection endpoint. This should cover most OpenID providers, though some providers may not provide either standard methods.
Footnotes
https://www.rfc-editor.org/rfc/rfc9068 ↩
The text was updated successfully, but these errors were encountered: