Koppeltaal 2.0 Dev Guide

Token introspection

Last updated 8 months ago

When an application receives an HTI launch, it will contain a JWT token. To ensure that not every application has to build in all the security logic to verify this token, Koppeltaal offers Token Introspection on the authentication server. This eliminates the need for the application to verify the JWT itself.

When Token Introspection approves a token, the extracted body of the JWT token will be returned. If a 200 response code is returned, the application must ALWAYS verify that the active attribute in the response is true.

POST {AUTH_SERVER_URL}/oauth2/introspect

Headers

| Name | Type | Description |
| --- | --- | --- |
| Content-Type* | String | application/x-www-form-urlencoded |
| Accept* | String | application/json |

Request Body

| Name | Type | Description |
| --- | --- | --- |
| client_assertion* | String | JWT as composed for the SMART Backend Service |
| client_assertion_type* | String | Always: urn:ietf:params:oauth:client-assertion-type:jwt-bearer |
| token* | String | The JWT to be validated |

{
  "active": true,
  "client_id": "l238j323ds-23ij4",
  "username": "jdoe",
  "scope": "read write dolphin",
  "sub": "Z5O3upPC88QrAjx00dis",
  "aud": "https://protected.example.net/resource",
  "iss": "https://server.example.com/",
  "exp": 1419356238,
  "iat": 1419350238,
  "extension_field": "twenty-seven"
}

{
  "active": false
}

Not authorised to execute introspection.
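
The introspection call described above, as an added Python example (not Koppeltaal's own code): it composes the form-encoded POST and fails closed unless the response is HTTP 200 with `active` set to the JSON boolean true. The function names, the exception class and the `timeout` parameter are assumptions made for this example; the client assertion is expected to be supplied by the caller.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

ASSERTION_TYPE = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"


class IntrospectionRejected(Exception):
    """The launch token must not be trusted (hypothetical name)."""


def build_introspection_request(auth_server_url, client_assertion, launch_token):
    """Compose the POST to /oauth2/introspect; nothing is sent yet."""
    form = urllib.parse.urlencode({
        "client_assertion": client_assertion,
        "client_assertion_type": ASSERTION_TYPE,
        "token": launch_token,
    }).encode("ascii")
    return urllib.request.Request(
        auth_server_url.rstrip("/") + "/oauth2/introspect",
        data=form,
        method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"},
    )


def claims_if_active(status, body):
    """Fail closed: return the claims only for HTTP 200 with active == true."""
    if status != 200:
        raise IntrospectionRejected(f"introspection returned HTTP {status}")
    try:
        claims = json.loads(body)
    except ValueError as exc:
        raise IntrospectionRejected("response is not JSON") from exc
    # Require the JSON boolean true; missing, false, "true" or 1 are rejected.
    if not isinstance(claims, dict) or claims.get("active") is not True:
        raise IntrospectionRejected("token is not active")
    return claims


def introspect(auth_server_url, client_assertion, launch_token, timeout=10):
    """Send the request and return the claims of an active token."""
    req = build_introspection_request(auth_server_url, client_assertion, launch_token)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return claims_if_active(resp.status, resp.read())
    except urllib.error.HTTPError as err:  # e.g. not authorised to introspect
        raise IntrospectionRejected(f"introspection returned HTTP {err.code}") from err
```

Call `introspect()` before acting on any claim from the launch token, and treat `IntrospectionRejected` as a refused launch.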

Topics

TOP-KT-007 - Koppeltaal Launch
TOP-KT-021 - Token Introspection