Validating a previously issued token from the resource server #692

flipkickmedia opened this issue Dec 31, 2023 · 1 comment

flipkickmedia commented Dec 31, 2023

From the resource server, I'd call an API endpoint on the auth server and check the token passed to the resource server is valid. How do you return tokens that were previously issued so I can validate them?

I'm using the example server/client in the source as a basis. It would be great to see this inside the example, so any extension on that codebase would be helpful. A PR on the example with this included would be great.

https://stackoverflow.com/questions/12296017/how-to-validate-an-oauth-2-0-access-token-for-a-resource-server

trixpan commented Jan 22, 2025

@flipkickmedia in OIDC, the client of your API is sending you the access token, so you don't get a token that was previously issued; you get the token that was sent to your API as part of a request and validate it.

The confusion tends to arise from the fact that frequently clients and resource providers are services. If you, for example, have a web service calling another API, consider that service the client and the API endpoint the resource provider.

The client can also be a native app. Again, the app (client) will generally obtain a token and then send it to the API endpoint (resource provider).
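
Added example, not part of the thread or of the project's code: one way a resource server can validate the token it receives on a request, assuming the auth server exposes an OAuth 2.0 token introspection endpoint (RFC 7662). The URL, client credentials, scope and audience values, and `fake_auth_server` are constructed placeholders.

```python
import base64, json, time, urllib.parse, urllib.request

INTROSPECT_URL = "https://auth.example.com/oauth/introspect"  # placeholder (assumption)
RS_ID, RS_SECRET = "resource-server", "placeholder-secret"    # placeholders (assumption)

def http_post_form(url, form, client_id, client_secret):
    """POST form data with HTTP Basic client authentication; return parsed JSON."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    req = urllib.request.Request(
        url, data=urllib.parse.urlencode(form).encode(),
        headers={"Authorization": f"Basic {creds}", "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return json.load(resp)

def bearer_token(authorization_header):
    """Extract the token from an 'Authorization: Bearer <token>' value, or None."""
    parts = (authorization_header or "").split()
    if len(parts) == 2 and parts[0].lower() == "bearer":
        return parts[1]
    return None

def validate_request(authorization_header, required_scope, audience,
                     post=http_post_form, now=time.time):
    """Return the introspection claims if the token is acceptable, else None."""
    token = bearer_token(authorization_header)
    if token is None:
        return None
    try:
        claims = post(INTROSPECT_URL, {"token": token}, RS_ID, RS_SECRET)
    except Exception:
        return None  # auth server unreachable or bad response: fail closed
    if not isinstance(claims, dict) or claims.get("active") is not True:
        return None  # unknown, revoked or expired according to the auth server
    exp = claims.get("exp")
    if isinstance(exp, (int, float)) and exp <= now():
        return None  # local expiry check in addition to "active"
    aud = claims.get("aud") or []
    if audience not in ([aud] if isinstance(aud, str) else aud):
        return None  # token was issued for a different API (policy: aud required)
    if required_scope not in str(claims.get("scope") or "").split():
        return None  # token lacks the scope this endpoint needs
    return claims

def fake_auth_server(url, form, client_id, client_secret):
    """Constructed stand-in for the auth server, for offline runs only."""
    known = {"good-token": {"active": True, "scope": "read write",
                            "aud": "api://orders", "exp": 2000}}
    return known.get(form["token"], {"active": False})
```

The resource server never stores or looks up "previously issued" tokens; it only asks the auth server about the one token presented with the current request.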
