Token introspection with Spring Authorization Server

To check whether an access token is still valid, has expired, has been revoked, or was issued by our Authorization Server, we use the Authorization Server's token introspection endpoint.

With an Authorization Server implemented using Spring Authorization Server, you call the token introspection endpoint with a POST request to http://localhost:8080/oauth2/introspect. The request body contains a “token” parameter whose value is the access token we want to check, plus client_id and client_secret to authenticate the request.
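The request described above, together with the check a caller should apply to the response, as an added Python example (not code from the original article). It treats a token as valid only on HTTP 200 with a JSON boolean "active": true and fails closed on anything else; the client credentials passed in are placeholders, and the "exp" check assumes the claim name from RFC 7662.

```python
import http.client
import json
import time
import urllib.parse
import urllib.request

# Endpoint from the article; client credentials are supplied by the caller.
INTROSPECT_URL = "http://localhost:8080/oauth2/introspect"


def build_request(token, client_id, client_secret, url=INTROSPECT_URL):
    """Build the form-encoded POST: token plus client_id/client_secret."""
    body = urllib.parse.urlencode({
        "token": token,
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    return urllib.request.Request(
        url, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})


def is_active(status, raw_body, now=None):
    """Fail closed: accept only 200 + "active": true + unexpired "exp"."""
    if status != 200:
        return False
    try:
        claims = json.loads(raw_body)
    except (ValueError, TypeError):
        return False
    # "active" must be the JSON boolean true, not the string "true" or 1.
    if not isinstance(claims, dict) or claims.get("active") is not True:
        return False
    exp = claims.get("exp")
    if exp is not None:
        if isinstance(exp, bool) or not isinstance(exp, (int, float)):
            return False
        if exp <= (time.time() if now is None else now):
            return False
    return True


def introspect(token, client_id, client_secret):
    """Call the endpoint; transport or HTTP errors mean 'not valid'."""
    req = build_request(token, client_id, client_secret)
    try:
        with urllib.request.urlopen(req, timeout=5) as resp:
            return is_active(resp.status, resp.read())
    except (OSError, http.client.HTTPException):
        return False
```

An expired, revoked or unknown token still produces an HTTP 200 response, with "active": false in the body, so the status code alone says nothing about the token.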

Suppose you now obtain an access token for a RegisteredClient declared in the Authorization Server:

Then request the token introspection endpoint, and you will see the following result:


One thought on “Token introspection with Spring Authorization Server”

  1. Thanks, it worked perfectly. If possible, can you make an article on JdbcRegisteredClientRepository? I need it. Thanks.
