Support introspection of access token in jwt plugin

I would be very grateful if the jwt plugin supported the introspection of access tokens, to verify that the access token is still valid and authenticated via the introspection endpoint of the oidc provider.

I think it could be configurable as in the oidc plugin, so anyone who needs this can activate it:

features: {
  /**
   * check token validity with provider during assertion process
   */
  introspect_access_token: true,

  /**
   * if introspect_access_token is true, how long in seconds to cache the result
   * if not a number greater than 0, the introspection endpoint will be requested *every* verify request
   * NOTE: the cache is stored on a per-eas-session basis vs a per-token (jti) basis
   */
  introspect_expiry: 0,
},

Issue Analytics

  • State: closed
  • Created 3 years ago
  • Comments: 28 (15 by maintainers)
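
How the two requested flags interact, as an added example that is not code from the issue or from the project it belongs to: with `introspect_expiry` greater than 0, a revoked token keeps being accepted until the cached result expires, and with 0 every verify request reaches the provider. The names `createVerifier`, `fakeProvider` and the injected `introspect` function are hypothetical, and matching the cached entry against the token is an assumption of this example.

```javascript
// Added example: introspection gate driven by the two feature flags above.
// `introspect` is a caller-supplied async function that sends the token to the
// provider's introspection endpoint (RFC 7662) and resolves to the parsed JSON.
function createVerifier(features, introspect, now = () => Date.now()) {
  const cache = new Map(); // sessionId -> { token, active, expiresAt }

  return async function verify(sessionId, token) {
    // Introspection disabled: nothing to check in this step.
    if (!features.introspect_access_token) return true;

    const ttl = Number(features.introspect_expiry);
    const useCache = Number.isFinite(ttl) && ttl > 0;

    if (useCache) {
      const hit = cache.get(sessionId);
      // Reuse a result only for the same token and only until it expires.
      if (hit && hit.token === token && hit.expiresAt > now()) return hit.active;
    }

    let res;
    try {
      res = await introspect(token);
    } catch (err) {
      return false; // fail closed, and do not cache a provider outage
    }
    const active = res != null && res.active === true; // RFC 7662 "active"

    if (useCache) {
      cache.set(sessionId, { token, active, expiresAt: now() + ttl * 1000 });
    }
    return active;
  };
}

// Constructed stand-in for a provider: counts calls and supports revocation.
function fakeProvider() {
  const revoked = new Set();
  const state = { calls: 0, revoke: (t) => revoked.add(t) };
  state.introspect = async (token) => {
    state.calls += 1;
    return { active: !revoked.has(token) };
  };
  return state;
}
```
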

Top GitHub Comments

1 reaction
travisghansen commented, Mar 29, 2021

Oh, yeah it will introspect every request (unless introspection cache is turned on, then whenever appropriate).

1 reaction
travisghansen commented, Feb 28, 2021

I should be able to add both…been a bit of a crazy week but when I get a little time I’m sure both requests can get knocked out.
