proxy.golang.org : github.com/nxadm/jwtintrospect
jwtintrospect is a Go library that validates OAuth2/OpenID Connect JWT tokens through provider introspection.

While a JWT token can be correctly validated **locally** using the provider's public key (the signature) and the `exp` field (expiration of the token), there are scenarios where tokens need to be invalidated on the provider. This is most likely the case when an access token is suspected to be compromised or is too old. In this case the provider can set a `not-before` field on the client (or even globally). The introspection endpoint of the provider will then reject all tokens issued before the `not-before` date and time for that client.

This library checks the token's validity **remotely** at the introspection endpoint. It will reject "invalidated" tokens that otherwise may conform to the signature and expiration constraints. See the JWT Introspection IETF draft: https://tools.ietf.org/html/draft-ietf-oauth-jwt-introspection-response-10#section-5.

This library has a companion [echo](https://github.com/labstack/echo) middleware at https://github.com/nxadm/echo-jwtintrospect. The library is tested with the [Keycloak Identity Provider](https://github.com/keycloak/keycloak).
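The remote check described above, as an added sketch using only the Go standard library (this is not jwtintrospect's own code or API). The stub provider, the client credentials, the form-based client authentication and the sample token are constructed assumptions; the token's `exp` is far in the future, so only the provider's `not-before` policy decides the outcome.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// introspect asks the provider (RFC 7662) if token is active; form-based client auth is assumed.
func introspect(endpoint, clientID, secret, token string) (bool, error) {
	resp, err := http.PostForm(endpoint, url.Values{
		"token": {token}, "client_id": {clientID}, "client_secret": {secret}})
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return false, fmt.Errorf("introspection failed: %s", resp.Status)
	}
	var out struct{ Active bool `json:"active"` }
	if err := json.NewDecoder(resp.Body).Decode(&out); err != nil {
		return false, err
	}
	return out.Active, nil
}

// checkSample runs a constructed stub provider (no signature check) that applies a
// not-before policy, then introspects a constructed token with iat=1000.
func checkSample(notBefore int64) (bool, error) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		var c struct{ Iat int64 `json:"iat"` }
		if p := strings.Split(r.FormValue("token"), "."); len(p) == 3 {
			raw, _ := base64.RawURLEncoding.DecodeString(p[1])
			_ = json.Unmarshal(raw, &c)
		}
		json.NewEncoder(w).Encode(map[string]bool{"active": c.Iat >= notBefore})
	}))
	defer srv.Close()
	claims := base64.RawURLEncoding.EncodeToString([]byte(`{"iat":1000,"exp":4102444800}`))
	return introspect(srv.URL, "demo-client", "demo-secret", "e30."+claims+".sig")
}

func main() {
	fmt.Println(checkSample(500))  // not-before older than the token: active
	fmt.Println(checkSample(2000)) // not-before raised after issuance: inactive
}
```

Any transport error, non-200 status or undecodable body is returned as an error with `false`, so a caller that treats errors as rejection fails closed.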
purl: pkg:golang/github.com/nxadm/jwtintrospect
License: Apache-2.0
Latest release: about 4 years ago
First release: about 4 years ago
Namespace: github.com/nxadm
Last synced: 18 days ago