As an OAuth provider can be deployed as separate entities, the Resource Server should be able to validate access tokens by querying directly at a shared database or even by asking the Authorization Server through an available endpoint. To support this approach, the community has created an OAuth 2.0 profile called OAuth 2.0 Token Introspection, defined by the RFC 7662 specification which is available at https://tools.ietf.org/html/rfc7662. This recipe will present how to enable the Authorization Server to support the /oauth/check_token endpoint and how to configure RemoteTokenServices at the Resource Server, which can be used to remotely validate any presented access token.
United States
Great Britain
India
Germany
France
Canada
Russia
Spain
Brazil
Australia
Singapore
Hungary
Philippines
Mexico
Thailand
Ukraine
Luxembourg
Estonia
Lithuania
Norway
Chile
South Korea
Ecuador
Colombia
Taiwan
Switzerland
Indonesia
Cyprus
Denmark
Finland
Poland
Malta
Czechia
New Zealand
Austria
Turkey
Sweden
Italy
Egypt
Belgium
Portugal
Slovenia
Ireland
Romania
Greece
Argentina
Malaysia
South Africa
Netherlands
Bulgaria
Latvia
Japan
Slovakia