Documentation
¶
Overview ¶
Example 05: Token Introspection (RFC 7662).
In examples 01-04 the resource server validated tokens locally by checking the JWT signature. That's fast, but if a token is revoked, the RS won't know until expiry. Introspection is the alternative: the RS asks the AS "is this token still valid?" — the AS checks its blacklist and returns the token's claims (or `{active: false}`).
Two-process architecture:
make serve # auth :8081 with token + introspection + blacklist make demo # walkthrough that drives it
Click to show internal directories.
Click to hide internal directories.