Skip to content

Incorrect documentation for OpaqueTokenIntrospector #16903

New issue
New issue
Closed
#16908
Closed
Incorrect documentation for OpaqueTokenIntrospector#16903
#16908
Assignees
rwinch
Labels
in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)status: duplicateA duplicate of another issuetype: bugA general bug
@OrangeDog

Description

@OrangeDog
OrangeDog
opened on Apr 7, 2025

Describe the bug
https://docs.spring.io/spring-security/site/docs/6.4.2/api/org/springframework/security/oauth2/server/resource/introspection/OpaqueTokenIntrospector.html

Returning a Map is indicative that the token is valid.

Returns: the token's attributes

The method returns an OAuth2AuthenticatedPrincipal, not a Map of attributes.

Expected behavior
Documentation to match the current implementation, and ideally describe the throws contract too.
Is the method also supposed to verify the token expiration, whether the user exists, etc. or is that done later?

Metadata

Metadata

Assignees

Labels

in: oauth2An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)status: duplicateA duplicate of another issuetype: bugA general bug

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions