To check whether an access token is still valid, has expired or been revoked, and was issued by our Authorization Server, we use the Authorization Server's token introspection endpoint.
With an Authorization Server implemented using Spring Authorization Server, you call the token introspection endpoint with a POST request to http://localhost:8080/oauth2/introspect. The request body contains the parameter token, whose value is the access token we want to check, together with client_id and client_secret to authenticate the request.
Note that when setting up the Authorization Server using Spring Authorization Server, you need to provide the issuer information by declaring a bean of the ProviderSettings class, for example as follows:
```java
@Bean
public ProviderSettings providerSettings() {
  // @formatter:off
  return ProviderSettings.builder()
      .issuer("http://localhost:8080")
      .build();
  // @formatter:on
}
```
Suppose you now get an access token for a RegisteredClient declared in the Authorization Server as follows:
```java
// @formatter:off
RegisteredClient registeredClient1 = RegisteredClient.withId(UUID.randomUUID().toString())
    .clientId("huongdanjava1")
    // {noop} stores the secret unencoded; suitable for a local demo only
    .clientSecret("{noop}123")
    .clientAuthenticationMethod(ClientAuthenticationMethod.CLIENT_SECRET_POST)
    .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
    .tokenSettings(tokenSettings())
    .build();
// @formatter:on
```
then send a request to the token introspection endpoint, and you will see the following result:
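The request described above, and the checks a caller should make on the introspection response, as an added example that is not part of the original article. It is written in Python because the exchange is plain HTTP; the function names, the pinned-issuer policy and the sample responses are assumptions of this example.

```python
import json
import time
import urllib.parse
import urllib.request

INTROSPECT_URL = "http://localhost:8080/oauth2/introspect"  # endpoint from the article
EXPECTED_ISSUER = "http://localhost:8080"  # issuer declared in ProviderSettings


def build_introspection_request(token, client_id, client_secret):
    """Form-encoded POST; client credentials travel in the body (CLIENT_SECRET_POST)."""
    body = urllib.parse.urlencode(
        {"token": token, "client_id": client_id, "client_secret": client_secret}
    ).encode("ascii")
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(INTROSPECT_URL, data=body, headers=headers, method="POST")


def evaluate(response_body, now=None):
    """Return (accepted, reason) for an introspection response body."""
    now = time.time() if now is None else now
    try:
        claims = json.loads(response_body)
    except ValueError:
        return False, "response is not JSON"
    # An expired, revoked or unknown token still yields HTTP 200 with
    # {"active": false}, so the decision rests on this boolean, not the status code.
    if not isinstance(claims, dict) or claims.get("active") is not True:
        return False, "token is not active"
    # Assumption of this example: the caller pins the issuer it trusts.
    if claims.get("iss") != EXPECTED_ISSUER:
        return False, "unexpected issuer"
    exp = claims.get("exp")
    if exp is not None and (not isinstance(exp, (int, float)) or exp <= now):
        return False, "exp is not in the future"
    return True, "active"


def introspect(token, client_id, client_secret):
    """Send the request to a running Authorization Server and evaluate the reply."""
    request = build_introspection_request(token, client_id, client_secret)
    with urllib.request.urlopen(request, timeout=5) as response:
        return evaluate(response.read())


if __name__ == "__main__":
    # Constructed sample responses, not output captured from a real server.
    for sample in ('{"active": false}',
                   '{"active": true, "iss": "http://localhost:8080", "exp": 4102444800}'):
        print(sample, "->", evaluate(sample))
```

Against the article's setup, `introspect(access_token, "huongdanjava1", "123")` performs the live call; `evaluate` can be exercised offline with the constructed samples.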
Santosh Keleti
Thanks, it worked perfectly. If possible, can you make an article on JdbcRegisteredClientRepository? I need it. Thanks.