
"invalid_request" when sending opaque access token to Introspect endpoint #1050

Closed
CarlRobinsonRAM opened this issue Jan 19, 2023 · 1 comment
Labels
for: stackoverflow A question that's better suited to stackoverflow.com

CarlRobinsonRAM commented Jan 19, 2023

Background
It would be super useful to have a full example and/or guide to setting up spring authorisation server for use with opaque tokens.

I am currently working on migrating my existing app (Old spring auth server using opaque tokens with a custom PKCE Implementation) to this project and would be happy to write up an example / how-to guide after I have it working.

So far (through a little trial and error) I have gotten to the point where my SPA directs users to log in and the auth server directs them back with the code. My SPA then exchanges the code for an opaque access token, which seems to work as expected.

The part I am currently stuck on is the Introspect endpoint.

Whenever I make an introspect request to the auth server (/oauth2/introspect) I am getting the error response shown below.

{
    "error": "invalid_request"
}

The annoying part of this is I can not see in the logs any reason for this and I can see that the token does exist in my DB.

Questions:
Is there any extra configuration needed for the Introspect Endpoint that isn't enabled out of the box?
Does anybody have a working example they can share?
Does anybody have any idea where I am going wrong?

Thanks,
Carl

@CarlRobinsonRAM CarlRobinsonRAM added the type: enhancement A general enhancement label Jan 19, 2023
@CarlRobinsonRAM CarlRobinsonRAM changed the title New example Request: Opaque token version of the "default-authorizationserver" example How To: Opaque token version of the "default-authorizationserver" example Jan 20, 2023
@CarlRobinsonRAM CarlRobinsonRAM changed the title How To: Opaque token version of the "default-authorizationserver" example "invalid_request" when sending opaque access token to Introspect endpoint Jan 21, 2023
@jgrandja
Collaborator

@CarlRobinsonRAM

> Whenever I make an introspect request to the auth server (/oauth2/introspect) I am getting the error

The Introspection Endpoint requires client authentication so this might be the issue? See Configuring Client Authentication for more details.

> The annoying part of this is I can not see in the logs any reason for this

You can enable TRACE logging and then you will see where the issue is. Logging was added in gh-159.

I'm going to close this as these are questions that are better suited to Stack Overflow. We prefer to use GitHub issues only for bugs and enhancements.

However, if you feel there is something specific missing in the documentation or you would like to propose a How-to guide, please log a new issue. Thank you.

@jgrandja jgrandja self-assigned this Jan 23, 2023
@jgrandja jgrandja added for: stackoverflow A question that's better suited to stackoverflow.com and removed type: enhancement A general enhancement labels Jan 23, 2023
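
The reply above points at client authentication on the Introspection Endpoint. As an added example (not code from this issue or from the Spring Authorization Server project), the following builds an RFC 7662 introspection request that authenticates the calling client with HTTP Basic and interprets the response. The URL, client id, secret and token are constructed placeholders, and it assumes the calling client is registered for `client_secret_basic`.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumed endpoint location for illustration; not taken from the issue.
INTROSPECT_URL = "http://localhost:9000/oauth2/introspect"


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """RFC 6749 section 2.3.1: form-urlencode each credential, then Base64 'id:secret'."""
    pair = ":".join(urllib.parse.quote_plus(v) for v in (client_id, client_secret))
    return "Basic " + base64.b64encode(pair.encode("utf-8")).decode("ascii")


def build_introspection_request(url, token, client_id, client_secret):
    """Build (without sending) an RFC 7662 request: form-encoded POST plus client credentials."""
    body = urllib.parse.urlencode({"token": token, "token_type_hint": "access_token"})
    return urllib.request.Request(
        url,
        data=body.encode("ascii"),
        method="POST",
        headers={
            "Authorization": basic_auth_header(client_id, client_secret),
            "Content-Type": "application/x-www-form-urlencoded",
            "Accept": "application/json",
        },
    )


def is_active(response_body: bytes) -> bool:
    """Accept a token only when the response carries "active": true (RFC 7662 section 2.2)."""
    # An error body such as {"error": "invalid_request"} has no "active" member,
    # so it is treated as not active rather than as a usable token.
    return json.loads(response_body).get("active") is True


if __name__ == "__main__":
    # Constructed sample values; a real call would pass req to urllib.request.urlopen.
    req = build_introspection_request(
        INTROSPECT_URL, "constructed-opaque-token", "resource-server", "s3cr:et"
    )
    print(req.get_method(), req.full_url)
    print(req.get_header("Authorization"))
    print(req.data.decode("ascii"))
```
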