Introspection Endpoint improvement to support Client Authentication

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Introspection Endpoint improvement to support Client Authentication

Isuranga Perera
Hi Abhishek

In [1] you have mentioned that the client authentication is not enforced on oauth2 introspection endpoint. But sample requests given suggests otherwise. Can you please clarify what you meant by $subject.

[1] https://github.com/wso2/product-is/issues/4314

Best Regards
--
Isuranga Perera | Software Engineer | WSO2 Inc.
 +94 71 735 7034 [hidden email]


_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev
Reply | Threaded
Open this post in threaded view
|

Re: Introspection Endpoint improvement to support Client Authentication

Farasath Ahamed
The GitHub issue title is a bit confusing.

I think it should be to supporting client authentication based on client_id and client_secret of the app for the introspection endpoint.

On Tue, Feb 12, 2019 at 7:55 AM Isuranga Perera <[hidden email]> wrote:
Hi Abhishek

In [1] you have mentioned that the client authentication is not enforced on oauth2 introspection endpoint. But sample requests given suggests otherwise. Can you please clarify what you meant by $subject.

[1] https://github.com/wso2/product-is/issues/4314

Best Regards
--
Isuranga Perera | Software Engineer | WSO2 Inc.
 +94 71 735 7034 [hidden email]

_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev


--
Farasath Ahamed
Senior Software Engineer, WSO2 Inc.; http://wso2.com
Mobile: <a href="tel:%2B94777603866" value="+94713149860" style="font-size:12.8px;color:rgb(17,85,204)" target="_blank">+94777603866
Twitter: @farazath619





_______________________________________________
Dev mailing list
[hidden email]
http://wso2.org/cgi-bin/mailman/listinfo/dev