Home page
AARC-G052

AARC-G052 OAuth 2.0 Proxied Token Introspection

This specification extends the OAuth 2.0 Token Introspection (RFC7662) method to allow conveying meta-information about a token from an Authorization Server (AS) to the protected resource even when there is no direct trust relationship between the protected resource and the token issuer. The method defined in this specification, termed “proxied” token introspection, requires access tokens to be presented in JWT format containing the iss claim for identifying the issuer of the token. Proxied token introspection assumes that the AS which is trusted by the protected resource has established a trust relationship with the AS which has issued the token that needs to be validated.

Document URLhttps://zenodo.org/records/10205863/files/OAuth%202.0%20Proxied%20Token%20Introspection%20-%20AARC-G052.pdf
Development information:  N/A
Status: Final (13 Nov 2023)
DOI10.5281/zenodo.10205863
Errata: none
Supersedes: none

aarc-contacts@lists.geant.org

Linkedin Twitter Youtube

© members of the AARC Community. 
The work leading to these results has received funding from the European Union (GAP 101131237) and other sources. The contents of this publication is the sole responsibility of AARC and does not necessarily reflect the opinion of the European Union.