This is how I am currently introspecting the authorization token sent with requests to my Flask application. Although this works, I would like to use Authlib, but I couldn't find the equivalent of this simple workflow there.
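@app.before_request
def validate_token():
    """Reject any request that does not carry an active access token.

    Reads the ``Authorization`` header, sends the credential part to
    ``introspect_token`` and stores the introspection response on ``g.user``
    when the token is reported active. Returns a ``(body, 401)`` tuple when
    the header is missing, malformed, or the token is not active; returns
    ``None`` otherwise so the request proceeds.

    Exceptions raised by ``introspect_token`` are not caught here, so a
    failed introspection call does not let the request through.
    """
    header = request.headers.get('Authorization')
    if header is None:
        return "Missing token", 401

    # A header without exactly "<scheme> <credential>" used to raise
    # IndexError (an HTTP 500); treat it as an authentication failure instead.
    parts = header.split()
    if len(parts) != 2:
        return "Invalid token", 401
    # NOTE(review): the scheme (parts[0]) is not checked, as in the original;
    # consider requiring "Bearer" if no client relies on another scheme.
    token = parts[1]

    token_info = introspect_token(token)
    # Only a literal boolean True counts as active: a missing key or a
    # non-boolean value such as the string "false" must not authenticate.
    if token_info.get('active') is not True:
        return "Invalid token", 401

    # Downstream handlers read the introspection claims from g.user.
    g.user = token_info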
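def introspect_token(token):
    """Ask the authorization server whether *token* is active.

    POSTs the token as form data to ``DEFAULT_AUTH_URI + '/token/introspect'``,
    authenticating with HTTP Basic using ``CLIENT_ID`` and ``CLIENT_SECRET``,
    and returns the decoded JSON response body.

    Raises:
        requests.HTTPError: if the server answers with an error status.
        requests.RequestException: on connection failure or timeout.
    """
    url = DEFAULT_AUTH_URI + '/token/introspect'
    data = {'token': token}
    auth = (CLIENT_ID, CLIENT_SECRET)
    # This runs on every incoming request; without a timeout a stalled
    # authorization server would hang the worker indefinitely.
    # The 10-second value is a reviewer-chosen default; tune as needed.
    resp = requests.post(url, data=data, auth=auth, timeout=10)
    resp.raise_for_status()
    return resp.json()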
I already have a server_metadata_url working to set it up. At the very least, I'd like to use its introspection_endpoint key/value pair instead of DEFAULT_AUTH_URI + '/token/introspect'. Any tips?