Join GitHub today
Introspection endpoint doesn't follow RFCs for invalid token #42
I'm not doing a PR as I don't know how do you want to correct this issue (serveral possibilities). Here:
when the token doesn't exist it should return a 200 with active=false instead of an invalid request as the RFC mention it:
On my side I just did return a special value in query_token and handled it in introspect_token.