TokenIntrospector resource
This table outlines the attributes of the TokenIntrospector resource and their descriptions.
TokenIntrospector.type*
string
Required. Specifies the type of token to introspect.
Supported values: opaque | jwt | aspxauth
TokenIntrospector.identity_provider
Reference
A reference to the associated IdentityProvider resource. Ties this TokenIntrospector to a particular identity provider, ensuring tokens are validated against the correct source.
TokenIntrospector.introspection_endpoint
object
Configuration for a remote introspection endpoint. The introspector will POST the token to this endpoint to obtain validation results.
TokenIntrospector.introspection_endpoint.url
string
The fully qualified URL of the remote introspection endpoint. The TokenIntrospector will send token validation requests here.
TokenIntrospector.introspection_endpoint.authorization
string
The authorization header value (e.g., a Basic Auth or Bearer token) used when calling the introspection endpoint. If present, it will be included in the request headers.
TokenIntrospector.jwks_uri
string
A URL pointing to a JSON Web Key Set (JWKS). When type is jwt, the introspector retrieves public keys from this URI to validate token signatures. This is typically used with asymmetric keys (e.g., RS256).
TokenIntrospector.jwt
object
Configuration for local JWT validation used when type is jwt. The TokenIntrospector will verify JWT signatures and claims without calling a remote endpoint.
TokenIntrospector.jwt.iss
string
The expected issuer (iss) claim value for JWTs. The TokenIntrospector ensures that tokens it validates come from this issuer.
TokenIntrospector.jwt.secret
string
A shared secret key or other signing key material used to verify the JWT’s signature.
Last updated