support introspection on client credentials tokens
The response can simply omit fields that require id_token as the only required field is "active" according to RFC 7662. I think it would be nice for introspection of client credentials tokens to be supported by default without needing to override OIDC_INTROSPECTION_VALIDATE_AUDIENCE_SCOPE, but this is a start.
This commit is contained in:
Andy Clayton
parent
6e442a5f35
commit
9d5c2b39fa
6 changed files with 61 additions and 19 deletions
|
|
@ -181,7 +181,7 @@ class Token(BaseCodeTokenModel):
|
|||
|
||||
@property
|
||||
def id_token(self):
|
||||
return json.loads(self._id_token)
|
||||
return json.loads(self._id_token) if self._id_token else None
|
||||
|
||||
@id_token.setter
|
||||
def id_token(self, value):
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue