TokenIntrospector resource

This table outlines the attributes of the TokenIntrospector resource and their descriptions.

path type description
TokenIntrospector.type* string Required. Specifies the type of token to introspect.
Supported values: opaque | jwt | aspxauth
TokenIntrospector.identity_provider Reference A reference to the associated IdentityProvider resource. Ties this TokenIntrospector to a particular identity provider, ensuring tokens are validated against the correct source.
TokenIntrospector.introspection_endpoint object Configuration for a remote introspection endpoint. The introspector will POST the token to this endpoint to obtain validation results.
TokenIntrospector.introspection_endpoint.url string The fully qualified URL of the remote introspection endpoint. The TokenIntrospector will send token validation requests here.
TokenIntrospector.introspection_endpoint.authorization string The authorization header value (e.g., a Basic Auth or Bearer token) used when calling the introspection endpoint. If present, it will be included in the request headers.
TokenIntrospector.jwks_uri string A URL pointing to a JSON Web Key Set (JWKS). When type is jwt, the introspector retrieves public keys from this URI to validate token signatures. This is typically used with asymmetric keys (e.g., RS256).
TokenIntrospector.jwt object Configuration for local JWT validation used when type is jwt. The TokenIntrospector will verify JWT signatures and claims without calling a remote endpoint.
TokenIntrospector.jwt.iss string The expected issuer (iss) claim value for JWTs. The TokenIntrospector ensures that tokens it validates come from this issuer.
TokenIntrospector.jwt.secret string A shared secret key or other signing key material used to verify the JWT’s signature.

path	type	description
TokenIntrospector.type*	string	Required. Specifies the type of token to introspect. Supported values: `opaque` \| `jwt` \| `aspxauth`
TokenIntrospector.identity_provider	Reference	A reference to the associated `IdentityProvider` resource. Ties this TokenIntrospector to a particular identity provider, ensuring tokens are validated against the correct source.
TokenIntrospector.introspection_endpoint	object	Configuration for a remote introspection endpoint. The introspector will POST the token to this endpoint to obtain validation results.
TokenIntrospector.introspection_endpoint.url	string	The fully qualified URL of the remote introspection endpoint. The TokenIntrospector will send token validation requests here.
TokenIntrospector.introspection_endpoint.authorization	string	The authorization header value (e.g., a Basic Auth or Bearer token) used when calling the introspection endpoint. If present, it will be included in the request headers.
TokenIntrospector.jwks_uri	string	A URL pointing to a JSON Web Key Set (JWKS). When `type` is `jwt`, the introspector retrieves public keys from this URI to validate token signatures. This is typically used with asymmetric keys (e.g., RS256).
TokenIntrospector.jwt	object	Configuration for local JWT validation used when `type` is `jwt`. The TokenIntrospector will verify JWT signatures and claims without calling a remote endpoint.
TokenIntrospector.jwt.iss	string	The expected issuer (`iss`) claim value for JWTs. The TokenIntrospector ensures that tokens it validates come from this issuer.
TokenIntrospector.jwt.secret	string	A shared secret key or other signing key material used to verify the JWT’s signature.