Documentation
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
func HandleIntrospect
func HandleIntrospect(w http.ResponseWriter, r *http.Request)
HandleIntrospect godoc
@Summary Introspect a token
@Description Validates and retrieves metadata about a token
@Tags introspect
@Accept json
@Produce json
@Param token body IntrospectRequest true "Token introspection payload"
@Success 200 {object} IntrospectResponse
@Failure 400 {object} model.ApiError
@Failure 401 {object} model.ApiError
@Failure 429 {object} model.ApiError
@Failure 500 {object} model.ApiError
@Router /oauth2/introspect [post]
func IntrospectToken
IntrospectToken looks up a token by access_token or refresh_token value and performs the checks required by RFC 7662 §4 (Security Considerations):
- If the token can expire, determine whether it has expired.
- If the token can be revoked, determine whether revocation has occurred.
Returns nil with an error for any inactive state; the caller MUST return 200 {"active":false} per RFC 7662 §2.2.
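The contract described above, as an added example that is not the package's own code: the lookup returns nil plus an error for every inactive state, and the caller collapses all of them into the same 200 {"active":false} body so a client cannot tell an unknown token from an expired or revoked one. The names tokenRecord, lookup, introspectBody and errInactive, and the in-memory map store, are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// tokenRecord is a hypothetical stored token (field names are assumptions).
type tokenRecord struct {
	ClientID, Scope string
	ExpiresAt       time.Time
	Revoked         bool
}

var errInactive = errors.New("token inactive")

// lookup returns nil plus an error for every inactive state: unknown, expired, revoked.
func lookup(store map[string]tokenRecord, token string, now time.Time) (*tokenRecord, error) {
	rec, ok := store[token]
	switch {
	case !ok:
		return nil, fmt.Errorf("%w: unknown", errInactive)
	case !now.Before(rec.ExpiresAt):
		return nil, fmt.Errorf("%w: expired", errInactive)
	case rec.Revoked:
		return nil, fmt.Errorf("%w: revoked", errInactive)
	}
	return &rec, nil
}

// introspectBody returns the HTTP status and JSON body for a token. The reason a
// token is inactive stays server-side; the response carries only "active": false.
func introspectBody(store map[string]tokenRecord, token string, now time.Time) (int, string) {
	rec, err := lookup(store, token, now)
	if err != nil {
		return 200, `{"active":false}`
	}
	body, _ := json.Marshal(map[string]interface{}{"active": true, "client_id": rec.ClientID, "scope": rec.Scope})
	return 200, string(body)
}

func main() {
	now := time.Unix(1700000000, 0) // constructed sample data below
	store := map[string]tokenRecord{"good": {ClientID: "app", Scope: "read", ExpiresAt: now.Add(time.Hour)}}
	fmt.Println(introspectBody(store, "good", now))
	fmt.Println(introspectBody(store, "unknown", now))
}
```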
func ValidateTokenIntrospectRequest
func ValidateTokenIntrospectRequest(input IntrospectRequest) error
Types
type IntrospectRequest
type IntrospectRequest struct {
    Token string `json:"token"`
}
type IntrospectResponse
type IntrospectResponse struct {
    Active           bool   `json:"active"`              // RFC 7662 §2.2: REQUIRED. Whether the token is currently active.
    Scope            string `json:"scope,omitempty"`     // RFC 7662 §2.2: OPTIONAL. Space-delimited list of scopes.
    ClientID         string `json:"client_id,omitempty"` // RFC 7662 §2.2: OPTIONAL. Client that requested this token.
    Username         string `json:"username,omitempty"`  // RFC 7662 §2.2: OPTIONAL. Human-readable resource owner identifier.
    TokenType        string `json:"token_type,omitempty"` // RFC 7662 §2.2: OPTIONAL. Type of the token (e.g., "bearer").
    Exp              int64  `json:"exp,omitempty"`       // RFC 7662 §2.2: OPTIONAL. Expiration time (Unix timestamp).
    Iat              int64  `json:"iat,omitempty"`       // RFC 7662 §2.2: OPTIONAL. Issued-at time (Unix timestamp).
    Sub              string `json:"sub,omitempty"`       // RFC 7662 §2.2: OPTIONAL. Subject of the token.
    Aud              string `json:"aud,omitempty"`       // RFC 7662 §2.2: OPTIONAL. Intended audience.
    Iss              string `json:"iss,omitempty"`       // RFC 7662 §2.2: OPTIONAL. Issuer of this token.
    Nbf              int64  `json:"nbf,omitempty"`       // RFC 7662 §2.2: OPTIONAL. Not-before time (Unix timestamp).
    Jti              string `json:"jti,omitempty"`       // RFC 7662 §2.2: OPTIONAL. Unique identifier for the token.
    Error            string `json:"error,omitempty"`
    ErrorDescription string `json:"error_description,omitempty"`
}
IntrospectResponse represents the RFC 7662 §2.2 introspection response. "active" is REQUIRED; all other fields are OPTIONAL per the spec.