@jackdbd/fastify-introspection-endpoint
@jackdbd/fastify-introspection-endpoint
Fastify plugin that adds an IndieAuth Token Introspection Endpoint to a Fastify server.
IndieAuth extends OAuth 2.0 Token Introspection by adding that the introspection response MUST include an additional parameter, me.
Installation
npm install @jackdbd/fastify-introspection-endpoint
Introspection Endpoint Options
Options for the Fastify introspection-endpoint plugin
Properties
| Name | Type | Description | Required |
|---|---|---|---|
| ajv | Instance of Ajv |
no | |
| includeErrorDescription | boolean |
Whether to include an error_description property in all error responses. This is meant to assist the client developer in understanding the error. This is NOT meant to be shown to the end user.Default: false |
no |
| isAccessTokenRevoked | Function |
Predicate function that returns true if a jti (JSON Web Token ID) is revoked. |
yes |
| isRefreshTokenRevoked | Function |
Predicate function that returns true if a refresh token is revoked. |
yes |
| issuer | string |
The authorization server's issuer identifier. It's a URL that uses the "https" scheme and has no query or fragment components. It MUST also be a prefix of the indieauth-metadata URL. Format: "uri" |
yes |
| jwksUrl (JWKS public URL) |
object |
URL where the public JSON Web Key Set is hosted. |
yes |
| logPrefix | string |
Default: "[introspection-endpoint] " |
no |
| me | yes | ||
| reportAllAjvErrors (report all AJV errors) |
boolean |
Whether to report all AJV validation errors. Default: false |
no |
| retrieveAccessToken | Function |
Retrieves an access token from a storage backend. |
yes |
| retrieveRefreshToken | Function |
Retrieves a refresh token from a storage backend. |
yes |
Example
{
"includeErrorDescription": false,
"jwksUrl": {},
"logPrefix": "[introspection-endpoint] ",
"reportAllAjvErrors": false
}
jwksUrl: JWKS public URL
URL where the public JSON Web Key Set is hosted.
Properties
| Name | Type | Description | Required |
|---|---|---|---|
| hash | string |
yes | |
| host | string |
yes | |
| href | string |
yes | |
| hostname | string |
yes | |
| origin | string |
yes | |
| password | string |
yes | |
| pathname | string |
yes | |
| port | string |
yes | |
| protocol | string |
yes | |
| search | string |
yes | |
| searchParams | yes | ||
| username | string |
yes | |
| toJSON | yes |
Additional Properties: allowed
Dependencies
| Package | Version |
|---|---|
| @fastify/formbody | ^8.0.2 |
| @fastify/response-validation | ^3.0.3 |
| @jackdbd/canonical-url | 0.2.0-canary.8 |
| @jackdbd/fastify-hooks | 0.2.0-canary.16 |
| @jackdbd/indieauth | 0.2.0-canary.14 |
| @jackdbd/oauth2-error-responses | 0.2.0-canary.9 |
| @jackdbd/schema-validators | 0.2.0-canary.12 |
| @sinclair/typebox | ^0.34.14 |
| ajv | ^8.17.1 |
| ajv-formats | ^3.0.1 |
| fastify-plugin | ^5.0.1 |
Warning
This package defines 2 peer dependencies.
| Peer | Version range |
|---|---|
@fastify/request-context |
>=6.0.0 |
fastify |
>=5.0.0 |
References
- OAuth 2.0 Token Introspection (RFC 7662)
- Access Token Verification Request - IndieAuth
- Access Token Verification Response - IndieAuth
- Introspection Request - OAuth 2.0 Token Introspection
- Introspection Response - OAuth 2.0 Token Introspection
License
© 2024 - 2025 Giacomo Debidda // MIT License