AARC-G052 OAuth 2.0 Proxied Token Introspection

This specification extends the OAuth 2.0 Token Introspection (RFC7662) method to allow conveying meta-information about a token from an Authorization Server (AS) to the protected resource even when there is no direct trust relationship between the protected resource and the token issuer. The method defined in this specification, termed “proxied” token introspection, requires access tokens to be presented in JWT format containing the iss claim for identifying the issuer of the token. Proxied token introspection assumes that the AS which is trusted by the protected resource has established a trust relationship with the AS which has issued the token that needs to be validated.

Document URL: https://zenodo.org/records/10205863/files/OAuth%202.0%20Proxied%20Token%20Introspection%20-%20AARC-G052.pdf
Development information:  N/A
Status: Final (13 Nov 2023)
DOI: 10.5281/zenodo.10205863
Errata: none
Supersedes: none