Checking if token is valid and the user is same logged in Identity Server/ oidc provider about pyoidc HOT 3 CLOSED

mateusdemboski commented on July 24, 2024

Checking if token is valid and the user is same logged in Identity Server/ oidc provider

from pyoidc.

Comments (3)

rohe commented on July 24, 2024

10 mar 2016 kl. 12:16 skrev Mateus Demboski [email protected]:

Hello, i researched in doc, but not find any method to verify if token is valid

There are depending on the functionality of the Identity server a couple of ways of
doing this:

Brute-force. You try to use it and sees what happens :-)
Check the ’expire at’ (exp) time
Use introspection, there is a specification (RFC 7662) that specifies how this is done,
not all identity servers support it.

and/or verify if user is same logged in Identity Server/ oidc provider…

Not sure I understand your question here.
Could you please elaborate.

— Roland

”Everybody should be quiet near a little stream and listen."
From ’Open House for Butterflies’ by Ruth Krauss

from pyoidc.

decentral1se commented on July 24, 2024

Closing this one off, as it is going stale. Feel free to re-open if more questions arise.

from pyoidc.

gumond commented on July 24, 2024

Hello, I have a basic OP client implemented using pyoidc library according to the docs. This client is supposed to be an 'admin client', i.e. users contacting our system can provide their access_tokens and we would wish to use these in order to perform actions on behalf of the user. Our 'admin' OP client and the user OP clients are independent and are both based on the same OP.

Is it possible to verify any received access_token, knowing the issuer and having my own client configured on the same OP ? How could I do this using the pyoidc library without contacting the OP repetitively for several tokens ?
Is it possible to perform actions with such access_token on behalf of the user ?

Many Thanks for any insight !
Cheers,
Jaroslav

from pyoidc.

Recommend Projects