Invalid token_type SessionToken #55
Description
The token_type in the SessionToken describes the class of the token (access_token, refresh_token, ...).
In the OAuth2 spec token_type is used to describe an access_token(https://datatracker.ietf.org/doc/html/rfc6749#section-7.1)
token.token_type is used in the introspection endpoint to get the value of the token_type(https://github.com/IdentityPython/oidc-op/blob/develop/src/oidcop/oauth2/introspection.py#L47), which is wrong (it shouldn't be access_token, but Bearer)
We had this discussion on slack some time ago, I am going to try to document our decision so that we can move forward with implementing it.
We are going to have the following toke fields: token_type, token_syntax, token_class:
token_type: will be used only for access_tokens, the possible values will bebearerandmacaccording to https://datatracker.ietf.org/doc/html/rfc6749#section-7.1token_syntax: will describe the syntax of the token likeJWT,SAML1,SAML2according to https://datatracker.ietf.org/doc/html/rfc8693#section-3. Perhaps we should add the valueSTRINGfor random string tokens?token_class: The class of the token (the currenttoken_type), this will take one of the following values:authorization_code,access_token,refresh_token,id_token.
@rohe @peppelinux what do you think? Should we start implementing this?