Introspection response for expired access token
Authlete's /auth/introspection API responds to requests that present an expired access token as follows:
- To the first request: the token has expired. Authlete then removes the token from its database.
- To the second and subsequent requests: the token doesn't exist, because it was removed at the first request.
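The behaviour described above, modeled as an added example (not Authlete's code or API client): a toy token store that removes an expired token on its first introspection, and a resource-server check that gives the caller the same 401 `invalid_token` answer in both cases. The `existent`/`usable` field names, the token value and the timestamps are assumptions constructed for illustration.

```python
import time


class ToyTokenStore:
    """Constructed in-memory model of the described behaviour (not Authlete code)."""

    def __init__(self):
        self._tokens = {}  # token -> expiry time (epoch seconds)

    def issue(self, token, expires_at):
        self._tokens[token] = expires_at

    def introspect(self, token, now=None):
        now = time.time() if now is None else now
        expires_at = self._tokens.get(token)
        if expires_at is None:
            # Second and subsequent requests: the record is gone.
            return {"existent": False, "usable": False}
        if expires_at <= now:
            # First request after expiry: report it, then remove the record.
            del self._tokens[token]
            return {"existent": True, "usable": False}
        return {"existent": True, "usable": True}


def resource_server_decision(result):
    """Map an introspection result to (HTTP status, RFC 6750 error, log reason)."""
    if result["usable"]:
        return 200, None, "active"
    # Expired and unknown tokens get the same client-facing answer; only the
    # server-side log reason keeps the distinction.
    reason = "expired" if result["existent"] else "not_found"
    return 401, "invalid_token", reason


def demo():
    store = ToyTokenStore()
    store.issue("constructed-token-1", expires_at=1000)  # constructed sample values
    # One call before expiry, then two calls after it.
    return [
        resource_server_decision(store.introspect("constructed-token-1", now=t))
        for t in (900, 1001, 1002)
    ]


if __name__ == "__main__":
    for outcome in demo():
        print(outcome)
```

Because the reason changes between the first and later calls for the same token, retry logic and alerting on the resource server should key on the 401 outcome rather than on which of the two reasons was returned.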