Spring oauth2 validate token request

Question

Does oauth2RestTemplate or access token providers support validate token request?

Here is the flow:

1. Mobile/Web-App authenticated from third party Authentication server and obtains Access-Token.
2. User tries to access a secured resources, and passed the Access-Token in the request, as expected by the protocol.

Is it possible to check this token against third-party server?

I found a bit similar here in the form of a refresh token.

Is validation request the part of the OAuth2 standard?

Thanks

Answer 1

No, OAuth2 doesn't enforce a specific token format or API for validating tokens. This is something that has to be decided independently between the resource server and the authorization server.

For example, the UAA project, which uses Spring Security OAuth2, uses signed JWT tokens, so the resource server can validate the contents without having to ask the authorization server directly. It also provides a /check_token endpoint, which will decode the token and verify that it has not expired.