Skip to content

Log information about tokens used for Token Verify

Jamie Tanna requested to merge feature/introspect-logging into develop

As the Token Verify endpoint will be decomissioned, once the Token Introspect endpoint becomes the primary means for Resource Servers to introspect tokens, we should understand the impact by logging which client the token has been issued to.

Although this doesn't necessarily prove the client is verifying the token, it does help us to understand which tokens are being introspected.

We use putCloseable to make sure that the MDC is cleared after, so we don't need to clear it manually.

Merge request reports