As an OAuth provider can be deployed as separate entities, the Resource Server should be able to validate access tokens by querying directly at a shared database or even by asking the Authorization Server through an available endpoint. To support this approach, the community has created an OAuth 2.0 profile called OAuth 2.0 Token Introspection, defined by the RFC 7662 specification which is available at https://tools.ietf.org/html/rfc7662. This recipe will present how to enable the Authorization Server to support the /oauth/check_token endpoint and how to configure RemoteTokenServices at the Resource Server, which can be used to remotely validate any presented access token.
United States
Great Britain
India
Germany
France
Canada
Russia
Spain
Brazil
Australia
Singapore
Hungary
Ukraine
Luxembourg
Estonia
Lithuania
South Korea
Turkey
Switzerland
Colombia
Taiwan
Chile
Norway
Ecuador
Indonesia
New Zealand
Cyprus
Denmark
Finland
Poland
Malta
Czechia
Austria
Sweden
Italy
Egypt
Belgium
Portugal
Slovenia
Ireland
Romania
Greece
Argentina
Netherlands
Bulgaria
Latvia
South Africa
Malaysia
Japan
Slovakia
Philippines
Mexico
Thailand