
Comments (5)

TakahikoKawasaki commented on July 18, 2024

Access tokens issued by Authlete are just random strings (not JWTs) unless you use Authlete version 2.1+ and configure Service.accessTokenSignAlg properly. The version of Authlete running on api.authlete.com is 1.1, so if you are using api.authlete.com, JWTs you are seeing are not access tokens. Instead, they are ID tokens.

from java-oauth-server.

f74041153 commented on July 18, 2024

I replaced the API key/secret and token value in this command with mine, then executed it.

curl -v -X POST https://api.authlete.com/api/auth/introspection/standard \
  -H "Content-Type:application/json" \
  -u '10167240235:LFpGEwpyHKNYMeMHg-H339X8gXdVlix-GoCHQAjAMaE' \
  -d '{ "parameters":"token=VFGsNK-5sXiqterdaR7b5QbRX9VTwVCQB87jbr2_xAI&token_type_hint=access_token" }'

The result I got after sending the access token to the introspection endpoint has client_id in the 'aud' claim.


TakahikoKawasaki commented on July 18, 2024

@f74041153 Regarding the response from /api/auth/introspection/standard, we are sorry. It is a known issue in Authlete 1.1. It has already been fixed in newer versions of Authlete. If the bug in Authlete 1.1 (api.authlete.com) is critical for your project, I'll consider updating api.authlete.com.

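A resource-server-side check for the issue discussed above, as an added example that is not part of the thread or of java-oauth-server: it validates an RFC 7662 introspection response and flags an `aud` that only repeats `client_id`. The function name, the resource identifier `https://rs.example.com` and the sample responses are assumptions constructed for illustration.

```python
import time

def check_introspection(resp, expected_aud, now=None):
    """Return a list of reasons to reject; an empty list means accept."""
    now = time.time() if now is None else now
    # RFC 7662: "active" is the only required member; anything but true means reject.
    if resp.get("active") is not True:
        return ["token is not active"]
    problems = []
    exp = resp.get("exp")
    if isinstance(exp, (int, float)) and exp <= now:
        problems.append("token expired")
    # "aud" may be a single string or a list of strings.
    aud = resp.get("aud")
    audiences = [aud] if isinstance(aud, str) else [str(a) for a in (aud or [])]
    if not audiences:
        # Policy assumption of this example: a missing audience is rejected.
        problems.append("no aud in response")
    elif expected_aud not in audiences:
        problems.append("aud does not name this resource server")
    # The symptom reported in this thread: aud carries the client's own id.
    client_id = resp.get("client_id")
    if client_id is not None and str(client_id) in audiences:
        problems.append("aud repeats client_id")
    return problems

# Constructed sample responses (not captured from api.authlete.com).
BUGGY = {"active": True, "client_id": "1234567890",
         "aud": "1234567890", "exp": 2000000000}
FIXED = {"active": True, "client_id": "1234567890",
         "aud": ["https://rs.example.com"], "exp": 2000000000}

if __name__ == "__main__":
    for name, resp in (("BUGGY", BUGGY), ("FIXED", FIXED)):
        print(name, check_introspection(resp, "https://rs.example.com"))
```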

f74041153 commented on July 18, 2024

Thank you for updating api.authlete.com!
And how can I access the newer versions of Authlete?


TakahikoKawasaki commented on July 18, 2024

@f74041153 Regarding newer versions of Authlete, please contact [email protected].

Authlete 2.1 is the latest version. It supports FAPI (Financial-grade API), CIBA (Client Initiated Backchannel Authentication), JARM (JWT Secured Authorization Response Mode for OAuth 2.0), JWT-based access tokens, etc.

One of the remarkable points of the latest Authlete is that it is the world's first certified Financial-grade API (FAPI) OpenID Provider.

https://openid.net/certification/#FAPI_OPs

Please check the following articles if you are interested.
