Log out?

Token Introspection Validation Processor

The Token Introspection Validation Processor validates an access token using Token Introspection, which calls an authorization server API to perform the validation.

Select the Processor Configuration tab and click on Add Processor.

Select the Token Introspection Validation Processor from the drop-down.

In the Basic tab you can set:

Throw Exception on Rejection: whether or not to throw an exception upon rejection

In the Conditional Execution tab, you can set additional processor execution conditions. The Transaction data dependent condition may be specified here as enhanced expression. If this expression returns anything other than TRUE (ignore case) – this processor will be skipped.

On the Authentication Server tab you can specify:

URL: the URL to call to validate the token using Token Introspection

Method Type: the type of Token Introspection being performed

Timeout: how long to wait before timing out the call to the authentication server. If the value is set with enhanced properties, the units are seconds

POST Body Content Type: the Content-Type of the POST body

POST Body: the body of the POST request

HTTP Headers: the HTTP headers to send with the Token Introspection request

Token Valid Property: the JSON property in the response that will contain a boolean value indicating whether or not the token is valid.

Authentication Type: the type of authentication to use for the request to the Token Introspection URL. The RFC-7662 specification requires the use of some form of authentication, however not all OAuth2 specifications conform to this.

Username: the Username for Basic Authentication

Password: the Password for Basic Authentication

Token: the Token for Token Authentication. This should not be confused with the access token being validated, this is a special token to use to authenticate the request to the Token Introspection URL.

This is a unique website which will require a more modern browser to work! Please upgrade today!


Our editors are notified.