OAuth2 Token Introspection Agent

Validates OAuth2 tokens using RFC 7662 introspection endpoints. Integrates with Keycloak, Auth0, and Okta token introspection APIs to verify token claims, scopes, and expiration in real time.

Installation

Use the upstream install or setup path that matches your environment:

• Make sure only the right people can access your applications

Requirements and caveats from upstream:

• Identity Provider (IdP) access tokens do not require validation. Pass the IdP access token to the issuing IdP to handle the validation. For more information, see Identity Provider Access Tokens for details.

Basic usage or getting-started notes:

• Verify token audience claims. If you’ve performed the standard JWT validation, you have already decoded the JWT’s payload and looked at its standard claims. The token audience claim ( aud , array of strings) depends o...

• Verify permissions (scopes). Verify that the application has been granted the permissions required to access your API. To do so, you will need to check the scope claim ( scope , space-separated list of strings) in the...

• self.__next_f.push([1,"16:[null,["$","$L25",null,{"isLivePreviewRoute":false,"children":["$","$L5",null,{"appearance":"$undefined","codeblockTheme":"system","children":[["$","style",null,{"d...

• Source: https://auth0.com/docs/secure/tokens/access-tokens/validate-access-tokens

Documentation

• https://auth0.com/docs/secure/tokens/access-tokens/validate-access-tokens

Source

• Agent Skill Exchange