import { AccessTokenValidator } from "https://deno.land/x/authlete_deno@v1.2.3/src/web/access_token_validator.ts";
Validate an access token.
On entry, as the first step, the implementation of this method
resets the following properties to false
or undefined
.
isValid
introspectionResult
introspectionError
errorResponse
Then, this method internally calls Authlete /api/auth/introspection
API to get information about the access token.
If the API call failed, the exception thrown by the API call is
set to the introspectionError
property and an error response
(500 Internal Server Error
) that should be returned to the client
application is set to the errorResponse
property. Then, this
method sets false
to the isValid
property and returns false
.
If the API call succeeded, the response from the API is set to
the introspectionResult
property. Then, the implementation of
this method checks the value of the action
parameter in the
response from the API.
If the value of the action
parameter is OK
, this method sets
true
to the isValid
property and returns true
.
If the value of the action
parameter is not OK
, this method
builds an error response that should be returned to the client
application and sets it to the errorResponse
property. Then,
this method sets false
to the isValid
property and returns
false
.
Parameters
Scopes that the access token should have. If a non-empty
value is given to this parameter, the implementation of
Authlete /api/auth/introspection
API checks whether
the access token covers all the required scopes.