Is there a way to validate access & refresh tokens issued using the Simple OAuth module?

levente.nas

1/29/24, 9:30 PM

I am using the OAuth2 authorization code grant with the Simple OAuth module. Everything is working, however I would like to be able to validate access and refresh tokens from my frontend NodeJS server. Is there an API endpoint to which I can send a token to, and in the response I get information about that token (aka token introspection)? For example, a response telling me the token is expired.

Thanks for all the help in advance, and let me know if I need to clarify the question in any way!

1 + 6

authentication-authorization

cilefen

1/29/24, 11:44 PM

The question is how to validate JavaScript Web Tokens on other web apps. Do I have that right?

levente.nas

1/30/24, 1:45 AM

@cilefen Not quite. I want to validate access tokens I've received from Drupal/Simple OAuth module. I receive an authorization token after the user logs in. I can then exchange that for an access token and refresh token. I want to validate the access and refresh token.

cilefen

1/30/24, 12:04 PM

OAuth sends validity times with the tokens. But you wish to test them further without making an ordinary API call (like a request for some data with the access token), or request a new access token (with the refresh token), correct? The question is whether or not OAuth requires a validation API, does this module provide one, yes?

levente.nas

1/30/24, 2:11 PM

@cilefen That is precisely correct. I'm hoping there is a separate API call only for token validation.

cilefen

1/30/24, 3:52 PM

The routes in that module are https://git.drupalcode.org/project/simple_oauth/-/blob/5.2.x/simple_oauth.routing.yml and the implementable OAuth 2.0 endpoints are documented in this RFC: https://www.rfc-editor.org/rfc/rfc6749.

levente.nas

1/30/24, 11:41 PM

@cilefen So the way I'm seeing it there isn't a current implementation for the token introspection endpoint in the Simple OAuth module. Correct me if I'm wrong, but I'd need to implement this with a custom API endpoint?

Score:1

Drupal

cilefen

1/31/24, 12:58 AM

I am fairly sure the answer is "no". There is no such route provided by the module.

At this stage this looks like a feature request for the module.

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Is there a way to validate access & refresh tokens issued using the Simple OAuth module?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.