[OPENAM-10144] Add introspection endpoint in .well_known discovery Created: 05/Dec/16  Updated: 02/Feb/17  Resolved: 02/Feb/17

Status: Resolved
Project: OpenAM
Component/s: oauth2
Affects Version/s: 13.5.0, 14.0.0
Fix Version/s: 13.5.1, 14.0.0

Type: Improvement Priority: Minor
Reporter: Quentin CASTEL [X] (Inactive) Assignee: Sachiko Wallace
Resolution: Fixed Votes: 0
Labels: EDISON, Must-Fix
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Target Version/s:
Sprint: AM Sustaining Sprint 33
Story Points: 2
Support Ticket IDs:

 Description   

Since 13, we got an introspection endpoint. However, this endpoint is not listed via the oauth2/.well-known/openid-configuration

How to reproduce

  • Create an oauth2 provider
  • access the oauth2/.well-known/openid-configuration endpoint

expected result

Having the following json attribute:

{ ... "introspection_endpoint":"http://openam.example.com:13080/openam/oauth2/introspect" ..}

Suggested implementation

In OpenIDConnectProviderConfiguration.java, we add

        configuration.put("introspection_endpoint", uris.getIntrospectionEndpoint());


 Comments   
Comment by Sachiko Wallace [ 31/Jan/17 ]

introspection_endpoint defined in OIDC discovery service.
The logic is already there.
http://openid.net/specs/openid-heart-openid-connect-2015-12-07.html#Discovery

Generated at Mon Jan 18 10:59:22 UTC 2021 using Jira 7.13.12#713012-sha1:6e07c38070d5191bbf7353952ed38f111754533a.