You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug rs.Introspect method inside req is created to inspect the token and host of this request is always be the host of Introspect endpoint host. As of my understanding token issued host and Introspect endpoint can be different in this case token validation will fail.
To Reproduce
Create a access token for different host from Introspect url host.
try to introspect the token
This will always fail cause token issued host and the introspect different.
Expected behavior
introspect method should allow req host changes as of my understanding.
I am pretty new to this and maybe this is not a bug rather a question.
The text was updated successfully, but these errors were encountered:
Assume token is issued for xyz.com host and my authentication server is hosted in auth.com, now when user send a request with a generated token from xyz.com and if I Introspect the token from backend this will always fail.
Reason: Introspect req doesn't know the issued host. cause request is generated inside the Introspect method.
If I understand you correctly your backend (Resource Server) tries to send a token to the introspect endpoint of auth0, right? In this case our library should not really care about the content of the token.
As seen here the library uses the inputs provided through the configuration with tokenURL and introspectURL. This is where you can configure those endpoints.
You can also use the dynamic configuration
Describe the bug
rs.Introspect
method inside req is created to inspect the token and host of this request is always be the host of Introspect endpoint host. As of my understanding token issued host and Introspect endpoint can be different in this case token validation will fail.To Reproduce
This will always fail cause token issued host and the introspect different.
Expected behavior
introspect method should allow req host changes as of my understanding.
I am pretty new to this and maybe this is not a bug rather a question.
The text was updated successfully, but these errors were encountered: