...
Code Block |
---|
|
POST {{baseUrl}}/uas/oauth2/introspection
Authorization: Basic Server2 secret
Content-Type: application/x-www-form-urlencoded
token={{accessTokenServer2accessToken}} |
Expand |
---|
title | Example Introspection response example |
---|
|
Code Block |
---|
| {
"usn": "ClientClient1",
"iss": "https://localhost:8443/uas",
"aud": [
"Server2"
],
"exp": 1696336474,
"iat": 1696332874,
"auth_time": 1696332874,
"amr": [
"https://localhost:8443/uas/saml2/names/ac/client.credentials.1"
],
"azp": "Server2",
"session_index": "_2d4a2d858137b04ca0154aac6a651988a5b63089",
"client.credentials.1.grant_type": [
"client_credentials"
],
"client.credentials.1.issuer_dn": [
"cn=ClientClient1,ou=Example,cn=Ubilogin,dc=test"
],
"client.credentials.1.issuer": [
"ClientClient1"
],
"client.credentials.1.dn": [
"cn=UserUser1,ou=Example,cn=Ubilogin,dc=test"
],
"client.credentials.1.ldap": [
"ldap:///cn=Ubilogin,dc=test"
],
"token_type": "access_token",
"active": true,
"client_id": "ClientClient1",
"expires_in": 3596
} |
|
Also user information can be obtained using received token:
Code Block |
---|
POST {{baseUrl}}/uas/oauth2/userinfo
Authorization: Bearer {{accessToken}} |
Expand |
---|
title | User info response example |
---|
|
Code Block |
---|
| {
"usn": "Client1",
"iss": "https://localhost:8443/uas",
"aud": [
"Server2",
"Client1"
],
"exp": 1696336474,
"iat": 1696333379,
"auth_time": 1696332874,
"amr": [
"https://localhost:8443/uas/saml2/names/ac/client.credentials.1"
],
"azp": "Client1",
"session_index": "_236ae5a56862435c4f19e6d6b55d90ae97e79df4",
"client.credentials.1.grant_type": [
"client_credentials"
],
"client.credentials.1.issuer_dn": [
"cn=Client1,ou=Example,cn=Ubilogin,dc=test"
],
"client.credentials.1.issuer": [
"Client1"
],
"client.credentials.1.dn": [
"cn=User1,ou=Example,cn=Ubilogin,dc=test"
],
"client.credentials.1.ldap": [
"ldap:///cn=Ubilogin,dc=test"
]
} |
|
Security risk and mitigation
...