Module introspection


OAuth 2.0 Token Introspection (RFC 7662)

Provides real-time token validation via the authorization server's introspection endpoint. Complements JWT validation by enabling immediate revocation checking.

§Why Token Introspection?

A signed JWT cannot be revoked without rotating the signing key. Introspection provides:

  • Real-time revocation checking
  • Centralized token state management
  • Support for opaque tokens (non-JWT)

§Example

use turbomcp_auth::introspection::IntrospectionClient;

let client = IntrospectionClient::new(
    "https://auth.example.com/oauth/introspect".to_string(),
    "client_id".to_string(),
    Some("client_secret".to_string()),
);

// Check if token is active (call this from an async fn that returns a Result,
// since `.await?` needs both)
let is_active = client.is_token_active("access_token_here").await?;

if is_active {
    println!("Token is valid");
} else {
    println!("Token revoked or expired");
}
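
A boolean "active" answer is the minimum RFC 7662 gives a resource server. The block below is an added example, not turbomcp_auth code, and goes one step further than the snippet above: it evaluates an already-decoded introspection response and fails closed when the introspection call itself failed. `IntrospectionResult`, `Decision` and `evaluate` are hypothetical names; the fields mirror RFC 7662 Section 2.2 members, and requiring `aud` and `scope` is an assumed policy.

```rust
// Added example: std-only, fail-closed evaluation of an RFC 7662 response.
// `IntrospectionResult` and `Decision` are hypothetical, not turbomcp_auth types.

/// Subset of RFC 7662 Section 2.2 response members, already decoded from JSON.
#[derive(Debug, Default)]
pub struct IntrospectionResult {
    pub active: bool,          // the only REQUIRED member
    pub scope: Option<String>, // space-delimited scope list
    pub exp: Option<u64>,      // expiry, seconds since the Unix epoch
    pub aud: Vec<String>,      // audience(s); empty when the server omits it
}

#[derive(Debug, PartialEq)]
pub enum Decision { Allow, Deny(&'static str) }

/// Decide whether a request may proceed. `resp` is `None` when the
/// introspection call failed (timeout, non-2xx status, unparsable body).
pub fn evaluate(
    resp: Option<&IntrospectionResult>,
    now: u64,
    expected_aud: &str,
    required_scope: &str,
) -> Decision {
    // Fail closed: an unreachable endpoint must not turn into an accepted token.
    let Some(r) = resp else { return Decision::Deny("introspection unavailable") };
    if !r.active {
        return Decision::Deny("inactive"); // revoked, expired, or unknown token
    }
    // Defence in depth: re-check expiry locally when the server reports it.
    if matches!(r.exp, Some(exp) if exp <= now) {
        return Decision::Deny("expired");
    }
    // Assumed policy: a token without this server in `aud` is not valid here.
    if !r.aud.iter().any(|a| a == expected_aud) {
        return Decision::Deny("wrong audience");
    }
    // Scope is matched as a whole token, never as a substring.
    let scopes = r.scope.as_deref().unwrap_or("");
    if !scopes.split(' ').any(|s| s == required_scope) {
        return Decision::Deny("missing scope");
    }
    Decision::Allow
}

fn main() {
    // Constructed sample response, not captured from a real server.
    let r = IntrospectionResult { active: true, scope: Some("mcp:read".into()), exp: Some(2_000), aud: vec!["mcp-server".into()] };
    println!("{:?}", evaluate(Some(&r), 1_000, "mcp-server", "mcp:read"));
}
```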

Structs§

IntrospectionClient
Token introspection client
IntrospectionRequest
Token introspection request per RFC 7662 Section 2.1
IntrospectionResponse
Token introspection response per RFC 7662 Section 2.2