The Token Introspection Validation Processor validates an access token using Token Introspection, which calls an authorization server API to perform the validation.
Select the Processor Configuration tab and click on Add Processor.
Select the Token Introspection Validation Processor from the drop-down.
In the Basic tab you can set:
Throw Exception on Rejection: whether or not to throw an exception upon rejection
In the Conditional Execution tab, you can set additional processor execution conditions. The Transaction data dependent condition may be specified here as enhanced expression. If this expression returns anything other than TRUE (ignore case) – this processor will be skipped.
On the Authentication Server tab you can specify:
URL: the URL to call to validate the token using Token Introspection
Method Type: the type of Token Introspection being performed
Timeout: how long to wait before timing out the call to the authentication server. If the value is set with enhanced properties, the units are seconds
POST Body Content Type: the Content-Type of the POST body
POST Body: the body of the POST request
HTTP Headers: the HTTP headers to send with the Token Introspection request
Token Valid Property: the JSON property in the response that will contain a boolean value indicating whether or not the token is valid.
Authentication Type: the type of authentication to use for the request to the Token Introspection URL. The RFC-7662 specification requires the use of some form of authentication, however not all OAuth2 specifications conform to this.
Username: the Username for Basic Authentication
Password: the Password for Basic Authentication
Token: the Token for Token Authentication. This should not be confused with the access token being validated, this is a special token to use to authenticate the request to the Token Introspection URL.
On the Encoding tab you can specify:
URL Param Encoding: The encoding to use for any parameters in the URL string
Post Body Encoding: The encoding to use for the content of the POST body
Response Encoding: The encoding to use for the response to the introspection request.