9d5c2b39fa
The response can simply omit fields that require id_token as the only required field is "active" according to RFC 7662. I think it would be nice for introspection of client credentials tokens to be supported by default without needing to override OIDC_INTROSPECTION_VALIDATE_AUDIENCE_SCOPE, but this is a start. |
||
---|---|---|
.. | ||
endpoints | ||
utils | ||
__init__.py | ||
claims.py | ||
errors.py |