First time asking here and going straight to the point: I'm working on an API with Spring that connects to a Keycloak instance and I need every endpoint to accept an Access Token for security reasons, thus, I need to make an introspection on that token each time to a) Make sure it's valid, and b) Make sure the session is active at the moment of introspection, but the only option I seem to find is making a POST request to the keycloak's introspection endpoint ({realm}/protocol/openid-connect/token/introspect).
Right now I have an instance of a Keycloak Admin client (org.keycloak.admin.client - Reference) built off of my master realm credentials, and I'm trying to see if it's possible to make the introspection with this Client, or with something similar whatsoever. I've already spent a couple hours reading the Keycloak's docs on the admin client but I can't, for the life of me, find anything that works. All I find for introspection apparently either needs something different than an Admin Client and can't figure out how to make it work, or what I think can only be used within an SPI (which I've already worked with, it's just that this case is different). Any options, help or suggestions on how to solve this are accepted, since this has already consumed a lot of my time. I'm just trying to do this without explicitly making a POST request (which I was making with RestTemplate, btw).
Also I'm currently working with Keycloak 22.0.1
Thank you in advance :)
Keycloak has its introspection_endpoint listed in its openid-configuration (${issuer}/.well-known/openid-configuration). spring-oauth2-resource-server has support for introspection.

As a side note, introspection has a very bad impact on performance and, if you are using OAuth2 correctly (with "confidential" clients running on a server you trust and not with "public" clients running on end-users' devices), you shouldn't have to "Make sure the session is active at the moment of introspection" (session should be a concern only of OAuth2 clients and OAuth2 authorization server, not of OAuth2 resource server).
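
Added example, not part of the original answer: a Spring Security 6 resource-server configuration that has the framework call the introspection endpoint on every request, so no hand-written POST is needed. The class name and the `app.keycloak.*` property names are assumptions, as is the presence of `spring-boot-starter-oauth2-resource-server` on the classpath and of a confidential client in the realm whose credentials authenticate the introspection call.

```java
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
@EnableWebSecurity
public class IntrospectionSecurityConfig {

    // Assumed property: the introspection_endpoint value published in
    // ${issuer}/.well-known/openid-configuration for the realm.
    @Value("${app.keycloak.introspection-uri}")
    private String introspectionUri;

    // Assumed properties: credentials of a confidential client in that realm.
    // Keep the secret in the environment or a secret store, not in source control.
    @Value("${app.keycloak.client-id}")
    private String clientId;

    @Value("${app.keycloak.client-secret}")
    private String clientSecret;

    @Bean
    SecurityFilterChain apiSecurity(HttpSecurity http) throws Exception {
        http
            // Every endpoint requires a bearer token that introspects as active.
            .authorizeHttpRequests(auth -> auth.anyRequest().authenticated())
            // Bearer-token API: no HTTP session, so no CSRF token to protect.
            .sessionManagement(s -> s.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .csrf(csrf -> csrf.disable())
            // Spring posts the token to the introspection endpoint and rejects
            // the request with 401 when the response says "active": false.
            .oauth2ResourceServer(oauth2 -> oauth2
                .opaqueToken(opaque -> opaque
                    .introspectionUri(introspectionUri)
                    .introspectionClientCredentials(clientId, clientSecret)));
        return http.build();
    }
}
```

Each request then costs one round trip to Keycloak, which is the performance impact the answer mentions.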