Token introspection

Rafiki’s auth service is a reference implementation of an Open Payments authorization server. One responsibility of the authorization server is to issue access tokens, which describe access rights, to clients (e.g., third-party applications).

When a client makes a request to a resource server, the resource server communicates with the authorization server to:

  • Check the validity of the client’s access token
  • Determine whether the client is authorized to access protected resources

This process is called token introspection.

The token-introspection package is a client library for making GNAP token introspection requests to the authorization server. It describes how the Rafiki backend and auth services communicate to validate access tokens. If you’re using Rafiki’s auth service, there’s nothing you need to do with this package. Rafiki automatically runs the package internally. If you’re writing your own auth service, you may find the files within the package to be helpful.
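
The two checks listed earlier, written as the decision a resource server makes once the introspection response arrives (an added example, not code from Rafiki or the token-introspection package). The field names `active`, `access`, `type`, `actions` and `identifier` are assumed from the GNAP introspection response and Open Payments access items; `evaluateIntrospection` and the sample data are constructed here.

```javascript
// Constructed example, not Rafiki code. Field names (active, access, type,
// actions, identifier) are assumed from GNAP introspection and Open Payments.

// Decide whether an introspection response authorizes one requested operation.
// required = { type, action, identifier } describes what the client is doing.
function evaluateIntrospection(response, required) {
  const deny = (reason) => ({ allowed: false, reason })

  // Check 1: validity. Only a literal boolean true counts; a missing field,
  // the string "true", or a non-object response is treated as inactive.
  if (response === null || typeof response !== 'object' || response.active !== true) {
    return deny('token is not active')
  }
  // An active token with no usable access list grants nothing.
  if (!Array.isArray(response.access)) {
    return deny('no access rights in response')
  }
  // Check 2: authorization. One access item must cover the type, the action,
  // and (when the item names one) the resource identifier. Matching is exact;
  // this example does not model one action implying another.
  const covered = response.access.some(
    (item) =>
      item !== null &&
      typeof item === 'object' &&
      item.type === required.type &&
      Array.isArray(item.actions) &&
      item.actions.includes(required.action) &&
      (item.identifier === undefined || item.identifier === required.identifier)
  )
  return covered
    ? { allowed: true, reason: 'access granted' }
    : deny('access does not cover this request')
}

// Constructed sample response: a token limited to reading incoming payments.
const sampleResponse = {
  active: true,
  access: [
    { type: 'incoming-payment', actions: ['read'], identifier: 'https://wallet.example/alice' }
  ]
}
```

Every branch other than an exact match denies the request, so a malformed or partial response from the authorization server cannot be read as a grant.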