I want to use Auth0 together with opaque tokens. According to the spec for OAuth Introspection opaque tokens should be validated at the authorization server using the introspection endpoint.
Unfortunately, Auth0 does not provide an introspection endpoint. How can I validate opaque tokens?
Is it planned to add support for token introspection or token revocation?
For some customers of mine, JWT tokens must not be used, for example, due to privacy reasons
As far as I know there is no way to validate whether an opaque access token has expired, other than the validation that occurs as part of the normal flow (when the audience presents the token as proof of delegation).
I would suggest submitting a feature request.
Our product managers should contact you within 10 business days
Some of our customers would also be interested in this feature. Could you please indicate if this is in the roadmap?
can you recheck with your product managers. I have not been contacted until now.
Hey again everyone!
Unfortunately we don’t have any plans to support introspection for now. We used to have a few people filing in feature request for that in the past but it was no big number of people advocating for that compared to other feature requests so the team probably decided to hold back here.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.