
Support jwt in introspection response #15467

Open
@franticticktick

It would be nice to provide support for phantom tokens. Many IdPs already have this feature, for example Keycloak or Curity. The main idea is that when introspect is called, a JWT is returned in the response. For example, as in Keycloak:

{
  "jwt": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJLb3BHYmVaeFdHSWJ6N2NVbDQzRFNqLXRIS1d5aklpSFB3LTB2bGNpTTJRIn0.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.yiAScO2FDFeRXaYtRBjRuB5Y2pUZVg4dg6J41WL7mKHa3B_Zp1gshGx1W06fQQdFjlAWnz__QiKTqBwznf_ENxmTNP1Cl8e5h3Tv9fnxBWOVrpyCnKiEP1--va8JkFnwuN4x_JXCk_RLasNVK0CK4fm566WaiIstD2JM3-zoM8qzQFipY7EqFwaBZ1SYwIZnZxzKL_F8e6VVk3PnRHJBr0WYWo1uK889DBPZABjxzJlEs5IBeVYATCAwJBqYoPNeB-VPhN9JEFZWjlbBqVDhvw10KRs9JflJPn8IiJGM9zMUl-l5LZrm4pAGG4eC_unwY0ewg9gWI6hgxRNjRzLHMQ"
}

Apparently this is very similar to JWT Response for OAuth Token Introspection.
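One way a resource server could consume an introspection response that carries a `jwt` member, as in the response shown above. This is an added example, not code from Spring Security, Keycloak or the issue author; it is written in Python and swaps in HS256 with a constructed shared key (`DEMO_KEY`) in place of the RS256 token shown, and all function names are hypothetical.

```python
import base64, hashlib, hmac, json, time

def b64url_decode(part):
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def sign_hs256(claims, key):
    """Build a constructed sample token (stands in for the IdP in this example)."""
    head = b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64url_encode(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64url_encode(mac)}"

def claims_from_introspection(response_body, key, now=None):
    """Return verified claims from an introspection response with a `jwt` member."""
    token = json.loads(response_body).get("jwt")
    if not isinstance(token, str):
        raise ValueError("introspection response has no jwt member")
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        signature = b64url_decode(sig_b64)
    except ValueError as exc:  # wrong segment count, bad base64 or bad JSON
        raise ValueError("malformed jwt") from exc
    # Pin the algorithm; never let the token header choose it (rejects alg=none).
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(body_b64))  # parsed only after the MAC checks out
    # A missing exp is treated as already expired.
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims

# Constructed sample input: a demo key and a response shaped like the one above.
DEMO_KEY = b"constructed-demo-key-not-a-real-secret"
DEMO_RESPONSE = json.dumps(
    {"jwt": sign_hs256({"sub": "alice", "scope": "read", "exp": 4102444800}, DEMO_KEY)}
)
```

In a real deployment the key material would come from the IdP's published keys, and issuer and audience checks would sit next to the expiry check.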

Labels

    in: oauth2 - An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
    status: blocked - An issue that's blocked on an external project change
    type: enhancement - A general enhancement
