Token Introspector
The TokenIntrospector resource in Aidbox is used to validate tokens issued by external authentication systems. It enables Aidbox to integrate with various identity providers and authentication servers by supporting different token validation methods.
When users authenticate with an external system and receive a token, Aidbox can use TokenIntrospector to validate these tokens and extract identity information. This allows for secure integration between Aidbox and external authentication systems.
Aidbox TokenIntrospector supports two main types of tokens:
1. JWT Tokens — JSON Web Tokens (JWTs) are self-contained tokens that include claims and can be verified using a signature.
2. Opaque Tokens — Non-transparent tokens that require validation against an external introspection endpoint.
1. Client sends a request to Aidbox with a Bearer token.
2. Aidbox identifies the token type.
3. Based on the token type:
   - For JWT: Aidbox validates the signature and claims.
   - For opaque: Aidbox sends the token to the introspection endpoint.
4. If valid, Aidbox applies the relevant AccessPolicy.
5. If the policy allows access, the request proceeds.
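The token-handling steps above (identify the type, then validate a JWT locally or introspect an opaque token) as an added Python sketch. It is not Aidbox code: the three-part type heuristic, the HS256 shared secret, the issuer URL, the stub `fake_introspect` and all function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

def b64d(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def sign(head, body, secret):
    return hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()

def make_jwt(claims, secret, alg="HS256"):
    """Build a constructed token for the demo (always signed with HMAC-SHA256)."""
    head = b64e(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    body = b64e(json.dumps(claims).encode())
    return f"{head}.{body}.{b64e(sign(head, body, secret))}"

def token_type(token):
    """Assumed heuristic: three dot-separated parts -> JWT, else opaque."""
    return "jwt" if token.count(".") == 2 else "opaque"

def validate_jwt(token, secret, issuer, now=None):
    """Return the claims if alg, signature, iss and exp all check out."""
    head, body, sig = token.split(".")
    if json.loads(b64d(head)).get("alg") != "HS256":  # pin alg, rejects "none"
        return None
    if not hmac.compare_digest(sign(head, body, secret), b64d(sig)):
        return None
    claims = json.loads(b64d(body))
    now = time.time() if now is None else now
    if claims.get("iss") != issuer or claims.get("exp", 0) <= now:
        return None
    return claims

def authenticate(token, secret, issuer, introspect, now=None):
    """Dispatch on token type; return identity claims, or None (fail closed)."""
    try:
        if token_type(token) == "jwt":
            return validate_jwt(token, secret, issuer, now)
        result = introspect(token)  # opaque: ask the introspection endpoint
        return result if result.get("active") else None
    except (ValueError, AttributeError, TypeError):  # malformed token
        return None

def fake_introspect(token):
    """Constructed stand-in for the external introspection endpoint."""
    return {"active": True, "sub": "user-2"} if token == "opaque-abc123" else {"active": False}

SECRET, ISSUER = b"demo-secret", "https://idp.example.com"  # constructed values
```

Only when `authenticate` returns claims would the AccessPolicy step run; every failure path returns `None`, so a malformed or unverifiable token never reaches policy evaluation.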