...

POST {{baseUrl}}/uas/oauth2/introspection
Authorization: Basic Server2 secret
Content-Type: application/x-www-form-urlencoded

token={{accessTokenServer2accessToken}}

Introspection response example:

{
  "usn": "ClientClient1",
  "iss": "https://localhost:8443/uas",
  "aud": [
    "Server2"
  ],
  "exp": 1696336474,
  "iat": 1696332874,
  "auth_time": 1696332874,
  "amr": [
    "https://localhost:8443/uas/saml2/names/ac/client.credentials.1"
  ],
  "azp": "Server2",
  "session_index": "_2d4a2d858137b04ca0154aac6a651988a5b63089",
  "client.credentials.1.grant_type": [
    "client_credentials"
  ],
  "client.credentials.1.issuer_dn": [
    "cn=ClientClient1,ou=Example,cn=Ubilogin,dc=test"
  ],
  "client.credentials.1.issuer": [
    "ClientClient1"
  ],
  "client.credentials.1.dn": [
    "cn=UserUser1,ou=Example,cn=Ubilogin,dc=test"
  ],
  "client.credentials.1.ldap": [
    "ldap:///cn=Ubilogin,dc=test"
  ],
  "token_type": "access_token",
  "active": true,
  "client_id": "ClientClient1",
  "expires_in": 3596
}
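
The checks a resource server such as Server2 could apply to the introspection response above before trusting the token, as an added example that is not part of the original documentation. The function name, its parameters and the 60-second clock-skew allowance are assumptions.

```python
import time

# Trimmed copy of the introspection response shown above (only the fields checked).
SAMPLE_RESPONSE = {
    "iss": "https://localhost:8443/uas",
    "aud": ["Server2"],
    "exp": 1696336474,
    "iat": 1696332874,
    "token_type": "access_token",
    "active": True,
}


def check_introspection(resp, expected_iss, own_id, now=None, skew=60):
    """Return a list of rejection reasons; an empty list means accept.

    expected_iss, own_id and skew are assumptions of this example.
    """
    now = time.time() if now is None else now
    # RFC 7662: "active" is the only required member. Anything other than a
    # literal boolean true means reject, whatever else the response contains.
    if resp.get("active") is not True:
        return ["token is not active"]
    reasons = []
    if resp.get("iss") != expected_iss:
        reasons.append("unexpected issuer")
    # "aud" may be a single string or an array of strings.
    aud = resp.get("aud", [])
    if isinstance(aud, str):
        aud = [aud]
    if own_id not in aud:
        reasons.append("token was not issued for this resource server")
    # "access_token" is the value this server returns in the response above.
    if resp.get("token_type") != "access_token":
        reasons.append("not an access token")
    exp = resp.get("exp")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        reasons.append("missing or non-numeric exp")
    elif now > exp + skew:
        reasons.append("token expired")
    iat = resp.get("iat")
    if isinstance(iat, (int, float)) and not isinstance(iat, bool) and iat > now + skew:
        reasons.append("iat is in the future")
    return reasons
```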

User information can also be obtained using the received token:

POST {{baseUrl}}/uas/oauth2/userinfo
Authorization: Bearer {{accessToken}}

User info response example:

{
  "usn": "Client1",
  "iss": "https://localhost:8443/uas",
  "aud": [
    "Server2",
    "Client1"
  ],
  "exp": 1696336474,
  "iat": 1696333379,
  "auth_time": 1696332874,
  "amr": [
    "https://localhost:8443/uas/saml2/names/ac/client.credentials.1"
  ],
  "azp": "Client1",
  "session_index": "_236ae5a56862435c4f19e6d6b55d90ae97e79df4",
  "client.credentials.1.grant_type": [
    "client_credentials"
  ],
  "client.credentials.1.issuer_dn": [
    "cn=Client1,ou=Example,cn=Ubilogin,dc=test"
  ],
  "client.credentials.1.issuer": [
    "Client1"
  ],
  "client.credentials.1.dn": [
    "cn=User1,ou=Example,cn=Ubilogin,dc=test"
  ],
  "client.credentials.1.ldap": [
    "ldap:///cn=Ubilogin,dc=test"
  ]
}

Security risk and mitigation

...