OAuth 2. 0 RFC 7662 introspect endpoint exists but is not "documented"

[n2ygk]

Please make sure to document the RFC 7662 OAuth2 token introspection endpoint URL. See via the web console Identity Providers/Resident Identity Provider/Inbound Authentication Configuration/OAuth2/OpenID Connect Configuration the introspection endpoint URL is not shown, but it exists and works just fine (in 5.3.0):

Identity Provider Entity Id:    https://localhost:9443/oauth2/token
Authorization Endpoint URL: https://localhost:9443/oauth2/authorize
Token Endpoint URL: https://localhost:9443/oauth2/token
Token Revocation Endpoint URL:  https://localhost:9443/oauth2/revoke
User Info Endpoint URL: https://localhost:9443/oauth2/userinfo

Thanks!

[holgrs]

What is the Url of the introspection endpoint?

[n2ygk]

/oauth2/introspect

[chrisdrobison]

You might also want to document the discovery endpoint as well since that is supposed to exist.

[madurangasiriwardena]

Hi @n2ygk and @chrisdrobison ,

Thanks for pointing out the documentation issues.

At the moment we are at the development stage of IS 5.3.0 and these are new features added to IS 5.3.0. We are in the process of modifying the doc space the with new features. These features will be added to the documentation soon.

Thanks.

[Flickster42490]

Hi @madurangasiriwardena ,

I'm trying to hit the oauth2/introspect endpoint using an ajax POST call from the client, I get back a 401 unauthorized OPTIONS error. But when I directly make an options call using a tool like POSTMAN with a basic authentication header, it returns for me. Any idea why this might be happening and is it a documented issue?

Thanks.

[mefarazath]

You need to add CORS headers to server response to be able to do this using ajax. Similar discussion can be found here.

This blog discusses a solution for this on WSO2 Identity Server.

[mefarazath]

Documentation related to introspection have been added https://docs.wso2.com/display/IS530/Invoke+the+OAuth+Introspection+Endpoint