#1204: Improve token introspection configuration #1262
@nbulaj
Those are great points, @linhdangduy! Would you like to propose a PR to fix them? I can do it myself if not.
@nbulaj I've learned a lot while reading doorkeeper and your feedback on my pull request.
@nbulaj
Proposing
The request can be authorized by using two methods:
```ruby
# for `token`
allow_token_introspection_by_authorized_token do |token, authorized_token|
end
# for `client credentials`
allow_token_introspection_by_client do |token, authorized_client|
end
```
Pros:
Cons:
Some thoughts about the current code:
doorkeeper/lib/doorkeeper/oauth/token_introspection.rb, lines 153 to 155 in 4965eed
I'm not for sending authorized_token&.application as the client to the config block. The client param should only be used for authorized_client, not the application of authorized_token. Because here the request is authorized by the authorized_token method, if only one configuration is used, the authorized_token method will accidentally read the config of the client_credential method (for example: token.application == authorized_client).
UPD1 Oh, sorry to make things complicated, I think we can just use only one configuration. (need
@nbulaj
Hi @linhdangduy. There is no concrete release date; we are watching for open / critical issues / PRs and will make a decision based on that data. Very approximately, mid-June if we don't catch any big issues.
Hi @linhdangduy. You can try to use doorkeeper
@nbulaj Sure, I will try it. Thank you very much ❤️
Improve token introspection configuration (provide access to authorized client and authorized token)
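The concern raised in the thread, that a request authorized by a bearer token can be judged by a rule written for client credentials when `authorized_token&.application` is passed in the client slot, shown as an added example that is not code from this PR or from Doorkeeper. `App`, `Token`, both policies, the helper methods and the `introspection` scope name are hypothetical stand-ins constructed for illustration.

```ruby
# Constructed stand-ins for the records involved (not Doorkeeper's classes).
App   = Struct.new(:name)
Token = Struct.new(:application, :scopes)

# Rule written with client-credentials callers in mind:
# a client may introspect tokens that were issued to it.
CLIENT_ONLY_POLICY = ->(token, client) { token.application == client }

# Conflated wiring: when the caller authenticated with a bearer token,
# that token's application is handed to the block as if it were the client.
def introspect_conflated(token, authorized_client, authorized_token)
  client = authorized_client || authorized_token&.application
  CLIENT_ONLY_POLICY.call(token, client)
end

# Separated wiring: the block receives both values, so each
# authorization method gets its own rule.
SEPARATE_POLICY = lambda do |token, authorized_client, authorized_token|
  if authorized_token
    # Assumed rule: bearer callers need a dedicated scope as well.
    authorized_token.application == token.application &&
      authorized_token.scopes.include?("introspection")
  else
    token.application == authorized_client
  end
end

def introspect_separated(token, authorized_client, authorized_token)
  SEPARATE_POLICY.call(token, authorized_client, authorized_token)
end

# Constructed sample data.
WEB_APP        = App.new("web")
TARGET         = Token.new(WEB_APP, ["read"])
PLAIN_BEARER   = Token.new(WEB_APP, ["read"])
TRUSTED_BEARER = Token.new(WEB_APP, ["read", "introspection"])
```

With the conflated wiring, `PLAIN_BEARER` satisfies the client rule even though no client authenticated; with both values passed separately, the same request is rejected unless the bearer token meets its own rule.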