Token Introspection

Bria Morgan edited this page Oct 4, 2018 · 3 revisions

PICSURE-2.0 offers a Token Introspection endpoint that follows the RFC 7662 standard.

This endpoint is available at {PICSURE_URL}/token/inspect. It is a POST endpoint that accepts a map with the key 'token' and the token to inspect as the value. It validates the token against the PICSURE instance's secret and its list of authorized users. The endpoint can be called from anywhere, as long as the user identified by the token has been authorized by that PICSURE-2.0 instance.

Additionally, PICSURE-2.0 itself can opt to use token introspection as its method of authorization. This is controlled by an environment variable named 'verify_user_method', which can be set to either "local" or "tokenIntrospection". If it is set to "tokenIntrospection", then the additional environment variables "token_instrospection_url" and "token_introspection_token" must also be set. These identify the path to the endpoint and a token that authorizes calls to that endpoint.
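
A client-side sketch of calling the endpoint described above and failing closed on the result. This is an added example, not PICSURE code. It assumes the map is sent as a JSON body, that the caller's own token goes in a Bearer `Authorization` header, and that the response carries the RFC 7662 `active` boolean; the function names and the `picsure.example` host are hypothetical.

```python
import json
import urllib.request


def build_introspection_request(picsure_url, token, caller_token):
    """Build the POST to {PICSURE_URL}/token/inspect with a {'token': ...} map."""
    body = json.dumps({"token": token}).encode("utf-8")  # assumption: JSON body
    return urllib.request.Request(
        picsure_url.rstrip("/") + "/token/inspect",
        data=body,
        method="POST",
        headers={
            "Content-Type": "application/json",
            # Assumption: the caller authenticates with a Bearer header.
            "Authorization": "Bearer " + caller_token,
        },
    )


def is_token_active(status, raw_body):
    """Accept only HTTP 200 with a JSON object whose 'active' is literally true."""
    if status != 200:
        return False
    try:
        claims = json.loads(raw_body)
    except (ValueError, TypeError):
        return False  # malformed or non-text body: deny
    # RFC 7662: 'active' is a boolean. The string "true" or 1 does not count.
    return isinstance(claims, dict) and claims.get("active") is True


def introspect(picsure_url, token, caller_token, send=None, timeout=5):
    """Return True only if the endpoint affirmatively reports the token active."""
    req = build_introspection_request(picsure_url, token, caller_token)
    if send is None:
        def send(r):
            with urllib.request.urlopen(r, timeout=timeout) as resp:
                return resp.status, resp.read()
    try:
        status, raw = send(req)
    except OSError:
        # Covers URLError/HTTPError and timeouts: an unreachable or erroring
        # introspection endpoint must never be treated as authorization.
        return False
    return is_token_active(status, raw)
```

The `send` parameter exists so the decision logic can be exercised with canned responses; in normal use it is omitted and the request goes out over `urllib`.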