diff --git a/controllers/token.go b/controllers/token.go
index fd0833b6..dada4e56 100644
--- a/controllers/token.go
+++ b/controllers/token.go
@@ -237,12 +237,12 @@ func (c *ApiController) TokenLogout() {
 // representing the meta information surrounding the
 // token, including whether this token is currently active.
 // This endpoint only support Basic Authorization.
-// @Param body body {object.TokenIntrospectionRequest} true "the request body"
+// @Param token formData string true "access_token's value or refresh_token's value"
+// @Param token_type_hint formData string true "the token type access_token or refresh_token"
 // @Success 200 {object} object.IntrospectionResponse The Response object
 // @router /login/oauth/introspect [post]
 func (c *ApiController) IntrospectToken() {
-	var body object.TokenIntrospectionRequest
-	err := json.Unmarshal(c.Ctx.Input.RequestBody, &body)
+	tokenValue := c.Input().Get("token")
 	clientId, clientSecret, ok := c.Ctx.Request.BasicAuth()
 	if !ok {
 		util.LogWarning(c.Ctx, "Basic Authorization parses failed")
@@ -257,14 +257,14 @@ func (c *ApiController) IntrospectToken() {
 		c.ServeJSON()
 		return
 	}
-	token := object.GetTokenByTokenAndApplication(body.Token, application.Name)
+	token := object.GetTokenByTokenAndApplication(tokenValue, application.Name)
 	if token == nil {
 		util.LogWarning(c.Ctx, "application: %s can not find token", application.Name)
 		c.Data["json"] = &object.IntrospectionResponse{Active: false}
 		c.ServeJSON()
 		return
 	}
-	jwtToken, err := object.ParseJwtTokenByApplication(body.Token, application)
+	jwtToken, err := object.ParseJwtTokenByApplication(tokenValue, application)
 	if err != nil || jwtToken.Valid() != nil {
 		// and token revoked case. but we not implement
 		// TODO: 2022-03-03 add token revoked check, when we implemented the Token Revocation(rfc7009) Specs.
diff --git a/object/oidc_discovery.go b/object/oidc_discovery.go
index 0c61f8ae..43aad078 100644
--- a/object/oidc_discovery.go
+++ b/object/oidc_discovery.go
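Review bot: `tokenValue := c.Input().Get("token")` is never checked for emptiness, so a request that omits the `token` parameter proceeds into the application lookup with "" instead of the 400 `invalid_request` that RFC 7662 §2.1 expects; an early `if tokenValue == "" { ... return }` using the handler's existing `c.Data["json"] = ...; c.ServeJSON(); return` pattern (ideally with a 400 status) would close that gap before the BasicAuth check. Beego's `c.Input()` appears to merge URL query values with the form body, so the token can also be supplied in the query string and end up in access logs; reading it with `c.Ctx.Request.PostFormValue("token")` would confine it to the POST body as RFC 7662 requires. The new `@Param token_type_hint formData string true` line documents a parameter the handler never reads and marks it required, whereas the RFC makes it optional, so `// @Param token_type_hint formData string false "the token type access_token or refresh_token"` would be accurate. IntrospectToken's body continues outside this hunk, and the second hunk at -257 is where tokenValue is consumed.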
@@ -30,6 +30,7 @@ type OidcDiscovery struct {
 	TokenEndpoint string `json:"token_endpoint"`
 	UserinfoEndpoint string `json:"userinfo_endpoint"`
 	JwksUri string `json:"jwks_uri"`
+	IntrospectionEndpoint string `json:"introspection_endpoint"`
 	ResponseTypesSupported []string `json:"response_types_supported"`
 	ResponseModesSupported []string `json:"response_modes_supported"`
 	GrantTypesSupported []string `json:"grant_types_supported"`
@@ -74,6 +75,7 @@ func GetOidcDiscovery(host string) OidcDiscovery {
 		TokenEndpoint: fmt.Sprintf("%s/api/login/oauth/access_token", originBackend),
 		UserinfoEndpoint: fmt.Sprintf("%s/api/userinfo", originBackend),
 		JwksUri: fmt.Sprintf("%s/.well-known/jwks", originBackend),
+		IntrospectionEndpoint: fmt.Sprintf("%s/api/login/oauth/introspect", originBackend),
 		ResponseTypesSupported: []string{"id_token"},
 		ResponseModesSupported: []string{"login", "code", "link"},
 		GrantTypesSupported: []string{"password", "authorization_code"},
diff --git a/object/token.go b/object/token.go
index 3b81a93a..7a48f2b2 100644
--- a/object/token.go
+++ b/object/token.go
@@ -60,14 +60,6 @@ type TokenWrapper struct {
 	Scope string `json:"scope"`
 }
 
-type TokenIntrospectionRequest struct {
-	// access_token's value or refresh_token's value
-	Token string `json:"token"`
-	// pass this parameter to help the authorization server optimize the token lookup.
-	// value is one of `access_token` or `refresh_token`
-	TokenTypeHint string `json:"token_type_hint,omitempty"`
-}
-
 type IntrospectionResponse struct {
 	Active bool `json:"active"`
 	Scope string `json:"scope,omitempty"`
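Review bot: The discovery document now advertises `introspection_endpoint` but says nothing about how clients must authenticate to it, while the handler comment in controllers/token.go states the endpoint only supports Basic Authorization. RFC 8414 defaults `introspection_endpoint_auth_methods_supported` to `client_secret_basic` when the field is omitted, so this is not a defect, but stating it explicitly keeps the metadata in step with what the handler actually enforces. That means adding a `[]string` field `IntrospectionEndpointAuthMethodsSupported` tagged `introspection_endpoint_auth_methods_supported` to the struct in the -30 hunk and `IntrospectionEndpointAuthMethodsSupported: []string{"client_secret_basic"},` next to the new `IntrospectionEndpoint` line in this hunk. The composite literal in GetOidcDiscovery continues outside the hunk.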