AARC-G052 OAuth 2.0 Proxied Token Introspection (AARC-G052)
Hardt, Marcus
1; Bucik, Dominik Frantisek; Jensen, Jens; Kanakarakis, Ivan; Kanellopoulos, Christos; Liampotis, Nicolas; Salle, Mischa
1 Scientific Computing Center (SCC), Karlsruher Institut für Technologie (KIT)
1; Bucik, Dominik Frantisek; Jensen, Jens; Kanakarakis, Ivan; Kanellopoulos, Christos; Liampotis, Nicolas; Salle, Mischa1 Scientific Computing Center (SCC), Karlsruher Institut für Technologie (KIT)
Abstract:
This specification extends the OAuth 2.0 Token Introspection (RFC7662) method to allow conveying meta-information about a token from an Authorization Server (AS) to the protected resource even when there is no direct trust relationship between the protected resource and the token issuer. The method defined in this specification, termed “proxied” token introspection, requires access tokens to be presented in JWT format containing the iss claim for identifying the issuer of the token. Proxied token introspection assumes that the AS which is trusted by the protected resource has established a trust relationship with the AS which has issued the token that needs to be validated.
| Zugehörige Institution(en) am KIT | Scientific Computing Center (SCC) |
| Publikationstyp | Forschungsbericht/Preprint |
| Publikationsdatum | 13.11.2023 |
| Sprache | Englisch |
| Identifikator | KITopen-ID: 1000172568 |
| HGF-Programm | 46.21.02 (POF IV, LK 01) Cross-Domain ATMLs and Research Groups |
| Vorab online veröffentlicht am | 12.11.2023 |
| Schlagwörter | AARC, AAI, IAM |