| Proposer | Christos Kanellopoulos, Gabriel Zachmann |
|---|---|
| Area | IDENTITY & ACCESS MANAGEMENT |
| Type of work | DEVELOPMENT |
| Output | PROTOTYPE |
| History |
Christos Kanellopoulos, Gabriel Zachmann: Proof-of-Concept for the AARC G052 implementation OAuth 2.0 Proxied Token Introspection, required by CoreAAI. In this protocol, an OAuth 2.0 Authorization Server (AS) that receives an introspection request for a token it did not issue queries a different, trusted AS. This enables the AS to determine the active state of the token and to retrieve associated metadata.
Proof-of-Concept implementation of AARC G052, OAuth 2.0 Proxied Token Introspection, required by CoreAAI, EOSC AAI and other AARC-compliant implementations. In this protocol, an OAuth 2.0 Authorization Server (AS) that receives an introspection request for a token it did not issue queries a different, trusted AS. This enables the AS to determine the active state of the token and to retrieve associated metadata.
An initial implementation called TIP was created by Gabriel Zachmann: https://github.com/zachmann/tip
TIP is a component that can be deployed next to the OP and implements G052. There is no need to change the OP itself; only the URL of the advertised token introspection endpoint is changed to point at the TIP endpoint.
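The routing decision described above, as an added Python example; it is not code from TIP or from the AARC G052 text. It assumes JWT access tokens carrying an `iss` claim, a static trusted-issuer map, and injected `local_introspect` / `remote_introspect` callables (all names and URLs here are hypothetical).

```python
import base64
import json

# Assumed static configuration (hypothetical URLs, not from the page).
LOCAL_ISSUER = "https://as-a.example.org"
TRUSTED_ISSUERS = {  # issuer -> its RFC 7662 introspection endpoint
    "https://as-b.example.org": "https://as-b.example.org/introspect",
}
INACTIVE = {"active": False}


def unverified_issuer(token):
    """Read `iss` from a JWT payload without verifying it (routing hint only)."""
    try:
        payload = token.split(".")[1]
        payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
        claims = json.loads(base64.urlsafe_b64decode(payload))
    except (IndexError, ValueError):
        return None
    return claims.get("iss") if isinstance(claims, dict) else None


def proxied_introspect(token, local_introspect, remote_introspect):
    """Answer locally for own tokens, else ask the trusted issuing AS."""
    iss = unverified_issuer(token)
    if iss is None or iss == LOCAL_ISSUER:
        return local_introspect(token)
    endpoint = TRUSTED_ISSUERS.get(iss)  # exact match only
    if endpoint is None:
        # Unknown issuer: fail closed and never send the token anywhere.
        return dict(INACTIVE)
    try:
        resp = remote_introspect(endpoint, token)
    except Exception:
        return dict(INACTIVE)  # upstream error must not read as "active"
    # `iss` above was unverified, so the trusted AS's answer is authoritative.
    if not isinstance(resp, dict) or resp.get("active") is not True:
        return dict(INACTIVE)
    if resp.get("iss", iss) != iss:
        return dict(INACTIVE)  # response names a different issuer than routed to
    return resp


def make_token(claims):
    """Build a constructed, unsigned JWT-shaped sample token for the demo."""
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).rstrip(b"=")
    return "e30." + body.decode() + ".sig"
```

In a deployment, `remote_introspect` would be an authenticated RFC 7662 POST to the selected endpoint; it is injected here so the decision logic can be exercised offline.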
In this topic, we:
- extend the functionality to support OpenID Federation
- investigate what other improvements could be made
- deployability, documentation
Outcome
Updated TIP version
The following parties will use the results of this activity:
| T&I Service | possibly |
|---|---|
| R&E Community | yes |
| External Party | possibly |
Activity Description