Access token verification in Userinfo API
Authlete's /auth/userinfo/issue API internally verifies the access token in a request from the authorization server.
Thus the authorization server doesn't have to make a request to Authlete's introspection API (/auth/introspection) before using the Userinfo API.