UNLIMITED FREE ACCESS TO THE WORLD'S BEST IDEAS

close
Already an Engineering360 user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your Engineering360 Experience

close

Select Your Free Newsletters

Industry Newsletters

Select Your Free Product Alerts

Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

IETF RFC 7662

OAuth 2.0 Token Introspection

active, Most Current
Buy Now
Organization: IETF
Publication Date: 1 October 2015
Status: active
Page Count: 17
scope:

This specification defines a method for a protected resource to query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about this token. OAuth 2.0 deployments can use this method to convey information about the authorization context of the token from the authorization server to the protected resource.

Document History

IETF RFC 7662
October 1, 2015
OAuth 2.0 Token Introspection
This specification defines a method for a protected resource to query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about...

References

This document references:
IETF RFC 6125 - Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS)
Published by IETF on March 1, 2011
Many application technologies enable secure communication between two entities by means of Internet Public Key Infrastructure Using X.509 (PKIX) certificates in the context of Transport Layer...
This document references:
IETF RFC 6749 - The OAuth 2.0 Authorization Framework
Published by IETF on October 1, 2012
The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction...
This document references:
IETF RFC 6750 - The OAuth 2.0 Authorization Framework: Bearer Token Usage
Published by IETF on October 1, 2012
This specification describes how to use bearer tokens in HTTP requests to access OAuth 2.0 protected resources. Any party in possession of a bearer token (a "bearer") can use it to get access to the...
This document references:
IETF RFC 7009 - OAuth 2.0 Token Revocation
Published by IETF on August 1, 2013
This document proposes an additional endpoint for OAuth authorization servers, which allows clients to notify the authorization server that a previously obtained refresh or access token is no longer...
This document is referenced by:
TS 133 179 - LTE; Security of Mission Critical Push To Talk (MCPTT) over LTE
Published by ETSI on August 1, 2020
The present document specifies the security architecture, procedures and information flows needed to protect the mission critical push to talk (MCPTT) service. The architecture includes mechanisms...
This document is referenced by:
TS 133 180 - LTE; Security of the Mission Critical (MC) service
Published by ETSI on April 1, 2022
The present document specifies the security architecture, procedures and information flows needed to protect the mission critical service (MCX). The architecture includes mechanisms to protect the...
This document is referenced by:
ISO 20078-3 - Road vehicles — Extended vehicle (ExVe) web services — Part 3: Security
Published by ISO on May 1, 2019
This document defines how to authenticate users and Accessing Parties on a web services interface. It also defines how a Resource Owner can delegate Access to its Resources to an Accessing Party....
This document is referenced by:
IETF RFC 8414 - OAuth 2.0 Authorization Server Metadata
Published by IETF on June 1, 2018
This specification defines a metadata format that an OAuth 2.0 client can use to obtain the information needed to interact with an OAuth 2.0 authorization server, including its endpoint locations and...
This document is referenced by:
IETF RFC 8485 - Vectors of Trust
Published by IETF on October 1, 2018
This document defines a mechanism for describing and signaling several aspects of a digital identity transaction and its participants. These aspects are used to determine the amount of trust to be...
View Less
View All
Advertisement