Proposer: Christos Kanellopoulos, Gabriel Zachmann
Area

Type of work

Output

History



Christos Kanellopoulos, Gabriel Zachmann: Proof-of-Concept for the AARC G052 implementation OAuth 2.0 Proxied Token Introspection, required by CoreAAI. In this protocol, an OAuth 2.0 Authorization Server (AS) that receives an introspection request for a token it did not issue can query a different, trusted AS. This enables the AS to determine the active state of the token and to retrieve associated metadata.


Proof-of-Concept for the AARC G052 implementation OAuth 2.0 Proxied Token Introspection, required by CoreAAI/EOSC AAI/other AARC-compliant implementations. In this protocol, an OAuth 2.0 Authorization Server (AS) that receives an introspection request for a token it did not issue can query a different, trusted AS. This enables the AS to determine the active state of the token and to retrieve associated metadata.

An initial implementation called TIP was created by Gabriel Zachmann: https://github.com/zachmann/tip

TIP is a component that can be deployed next to the OP and implements G052. There is no need to change the OP; just change the URL of the advertised token introspection endpoint to the TIP endpoint.
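The routing and fail-closed decisions a proxied introspection endpoint has to make, as an added example (not TIP's code and not taken from the G052 text). It assumes JWT access tokens that carry an `iss` claim and a static allowlist of trusted issuers; the issuer URLs, `sample_token`, and the injected `local_introspect` / `remote_introspect` callables (standing in for the OP's own introspection and an RFC 7662 HTTP POST to the trusted AS) are hypothetical.

```python
import base64
import json

# Assumed trust configuration (constructed): issuer -> introspection endpoint.
LOCAL_ISSUER = "https://as-a.example.org"
TRUSTED_AS = {"https://as-b.example.org": "https://as-b.example.org/introspect"}
INACTIVE = {"active": False}  # RFC 7662 answer for any token we cannot vouch for


def sample_token(claims):
    """Build an unsigned, constructed JWT-shaped token for the demo."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=")
    return "e30." + body.decode() + ".sig"


def unverified_issuer(token):
    """Read `iss` from the JWT payload without verifying it (routing hint only)."""
    try:
        part = token.split(".")[1]
        claims = json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))
        iss = claims.get("iss")
    except (IndexError, ValueError, AttributeError):
        return None
    return iss if isinstance(iss, str) else None


def introspect(token, local_introspect, remote_introspect):
    """Answer locally for own tokens, proxy to a trusted AS, else inactive."""
    iss = unverified_issuer(token)
    if iss == LOCAL_ISSUER:
        return local_introspect(token)
    endpoint = TRUSTED_AS.get(iss)
    if endpoint is None:  # unknown or unparsable issuer: never forward the token
        return dict(INACTIVE)
    try:
        resp = remote_introspect(endpoint, token)
    except Exception:  # upstream failure must fail closed
        return dict(INACTIVE)
    if not isinstance(resp, dict) or resp.get("active") is not True:
        return dict(INACTIVE)
    if resp.get("iss", iss) != iss:  # upstream vouches for a different issuer
        return dict(INACTIVE)
    return resp
```

The `iss` value read from the token only selects which trusted AS to ask; the token counts as active solely on that AS's answer, and tokens naming an unlisted issuer are never forwarded.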

In this topic, we:

  • extend functionality to support OpenID Federation

  • investigate what other improvements could be made

    • deployability, documentation

Outcome

  • Updated TIP version


The following parties will use the results of this activity:

T&I Service: possibly
R&E Community: yes
External Party: possibly



Activity Description