Auth0 Home Blog Docs

Opaque token validation with introspection endpoint

Hi there,

I want to use Auth0 together with opaque tokens. According to the spec for OAuth Introspection opaque tokens should be validated at the authorization server using the introspection endpoint.
Unfortunately, Auth0 does not provide an introspection endpoint. How can I validate opaque tokens?

Is it planned to add support for token introspection or token revocation?

For some customers of mine, JWT tokens must not be used, for example, due to privacy reasons

Hi @andifalk,

As far as I know there is no way to validate whether an opaque access token has expired, other than the validation that occurs as part of the normal flow (when the audience presents the token as proof of delegation).

I would suggest submitting a feature request.

Mark

1 Like

Our product managers should contact you within 10 business days