When dealing with an opaque token, no claim can be directly retrieved. This means that this kind of token cannot provide scopes. The `TokenValidator` could be updated to return a map of claims for the opaque token. The default `TokenValidator` could then use a configured token introspection endpoint to retrieve these claims at validation.
- The `TokenValidator` interface must be updated.
- The `UserInfoTokenValidator` should be renamed `DefaultTokenValidator` and implement the ability to retrieve claims from the token introspection endpoint if configured. It could still fall back to calling the user info endpoint if no introspection endpoint is available.
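
A Python sketch of the proposed behaviour, added here as an example and not taken from the project's code: the validator returns a claims map from an RFC 7662 introspection response, falls back to the user info endpoint only when no introspection endpoint is configured, and rejects the token otherwise. The `http` callable, the `scopes` key, the URLs and the token values are assumptions made for illustration.

```python
import json

class DefaultTokenValidator:
    """Sketch of the proposed validator: returns a claims map for an opaque token."""
    def __init__(self, http, introspection_url=None, userinfo_url=None):
        self.http = http  # hypothetical callable: (method, url, headers, form) -> (status, body)
        self.introspection_url = introspection_url
        self.userinfo_url = userinfo_url

    def validate(self, token):
        """Return the token's claims, or None when it must be rejected."""
        if self.introspection_url:
            # RFC 7662 request: form-encoded POST; client auth is left to the transport.
            claims = self._fetch("POST", self.introspection_url, {}, {"token": token})
            # "active" is the only required member; anything but true means reject.
            if claims is None or claims.get("active") is not True:
                return None
            scope = claims.get("scope")  # space-delimited string per RFC 7662
            claims["scopes"] = scope.split() if isinstance(scope, str) else []
            return claims
        if self.userinfo_url:
            # Fallback: UserInfo vouches for the token but describes the user,
            # so no scopes can be derived from it.
            claims = self._fetch("GET", self.userinfo_url,
                                 {"Authorization": "Bearer " + token}, None)
            if claims is not None:
                claims["scopes"] = []
            return claims
        return None  # fail closed: no endpoint configured

    def _fetch(self, method, url, headers, form):
        status, body = self.http(method, url, headers, form)
        if status != 200:
            return None
        try:
            data = json.loads(body)
        except ValueError:
            return None
        return data if isinstance(data, dict) else None

def fake_http(method, url, headers, form):
    """Constructed responses standing in for an authorization server."""
    if url.endswith("/introspect"):
        if form["token"] == "opaque-good":
            return 200, '{"active": true, "sub": "alice", "scope": "read write"}'
        return 200, '{"active": false}'
    if headers.get("Authorization") == "Bearer opaque-good":
        return 200, '{"sub": "alice"}'
    return 401, ""
```

With only the user info endpoint configured, the token is still validated but the claims map carries an empty scope list, so scope-based authorization needs the introspection endpoint.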