auth.m2m: Add token revocation and introspection endpoints

## Use Case

The `auth.m2m` module currently supports token issuance (`POST /oauth/token`) and JWKS (`GET /oauth/jwks`). For a complete OAuth2 implementation, token revocation and introspection are also needed.

## Proposed Endpoints

### Token Revocation (RFC 7009)
```
POST /oauth/revoke
Content-Type: application/x-www-form-urlencoded

token=<access_token>&token_type_hint=access_token
```

Response: 200 OK (empty body)

This would add the token's JTI to the blacklist (the `oauth2_jti_blacklist` table pattern is already used in Chimera's cleanup jobs).

### Token Introspection (RFC 7662)
```
POST /oauth/introspect
Content-Type: application/x-www-form-urlencoded

token=<access_token>
```

Response:
```json
{
  "active": true,
  "client_id": "my-client",
  "scope": "admin read write",
  "exp": 1735689600,
  "iat": 1735686000,
  "iss": "chimera"
}
```

## Context

Chimera's main branch uses Fosite for full OAuth2 with revocation and introspection. The workflow engine branch uses `auth.m2m` which lacks these endpoints. While not blocking for current use cases, they would improve OAuth2 completeness.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

auth.m2m: Add token revocation and introspection endpoints #243

Use Case

Proposed Endpoints

Token Revocation (RFC 7009)

Token Introspection (RFC 7662)

Context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

auth.m2m: Add token revocation and introspection endpoints #243

Description

Use Case

Proposed Endpoints

Token Revocation (RFC 7009)

Token Introspection (RFC 7662)

Context

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions