OnAfterIntrospectToken Event

Fires after the introspection endpoint returns the token metadata.

Syntax

property OnAfterIntrospectToken: TsgcOnAuth2AfterIntrospectToken;
// TsgcOnAuth2AfterIntrospectToken = procedure(Sender: TObject; const Active: Boolean; const Scope, ClientId, Username, TokenType, RawResponse: String) of object

Default Value

Remarks

OnAfterIntrospectToken is raised when the authorization server answers the introspection request with the JSON body described in RFC 7662. Active is the most important field and indicates whether the token is currently valid; when False the remaining parameters are meaningless. When Active is True, Scope lists the scopes granted to the token, ClientId identifies the OAuth client that obtained the token, Username is the resource owner (if any), and TokenType is the issued token type (Bearer, DPoP, etc.). RawResponse contains the full raw JSON body for provider-specific fields such as exp, iat, sub, aud or jti.

Example


procedure OnOAuth2AfterIntrospectToken(Sender: TObject; const Active: Boolean; const Scope, ClientId,
  Username, TokenType, RawResponse: string);
begin
  // Scope and ClientId are only meaningful when Active is True.
  if Active then
    DoLog('Token active - ClientId: ' + ClientId + ' Scope: ' + Scope)
  else
    // Inactive token: do not rely on any of the other parameters.
    DoLog('Token no longer active');
end;
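
The following is an added example, not part of the sgcWebSockets documentation or source. It shows how a handler could turn the event parameters into an accept/reject decision by checking Active, matching the required scope as a whole token, and reading exp and aud from RawResponse. TokenAcceptable, RequiredScope, ExpectedAud, the audience api.example and the sample JSON are assumptions made for illustration.

```delphi
program IntrospectCheck;
{$APPTYPE CONSOLE}
uses System.SysUtils, System.Classes, System.DateUtils, System.JSON;

// Hypothetical helper (not an sgcWebSockets API): decides whether an
// introspected token may be used for RequiredScope at audience ExpectedAud.
function TokenAcceptable(Active: Boolean; const Scope, RawResponse,
  RequiredScope, ExpectedAud: string): Boolean;
var
  Scopes: TStringList;
  Json, Aud, Item: TJSONValue;
  Exp: Int64;
begin
  Result := False;
  if not Active then Exit;              // inactive: ignore all other fields
  Scopes := TStringList.Create;
  try
    Scopes.Delimiter := ' ';            // scope is a space-separated list
    Scopes.StrictDelimiter := True;
    Scopes.CaseSensitive := True;       // scope values are case-sensitive
    Scopes.DelimitedText := Scope;
    if Scopes.IndexOf(RequiredScope) < 0 then Exit;  // whole-token match only
  finally
    Scopes.Free;
  end;
  Json := TJSONObject.ParseJSONValue(RawResponse);   // nil if not valid JSON
  try
    if not (Json is TJSONObject) then Exit;
    // exp is optional; when present it is seconds since the Unix epoch (UTC).
    if Json.TryGetValue<Int64>('exp', Exp) and
       (Exp <= DateTimeToUnix(TTimeZone.Local.ToUniversalTime(Now))) then Exit;
    // aud may be one string or an array; a missing aud is rejected here,
    // which is a policy assumed for this example.
    Aud := TJSONObject(Json).GetValue('aud');
    if Aud is TJSONArray then
    begin
      for Item in TJSONArray(Aud) do
        if Item.Value = ExpectedAud then Exit(True);
    end
    else if Aud is TJSONString then
      Result := Aud.Value = ExpectedAud;
  finally
    Json.Free;
  end;
end;

const  // Constructed sample response, not output from a real server.
  Sample = '{"active":true,"scope":"read write","exp":4102444800,"aud":["api.example"]}';
begin
  Writeln(TokenAcceptable(True, 'read write', Sample, 'read', 'api.example'));
  Writeln(TokenAcceptable(True, 'readonly', Sample, 'read', 'api.example'));
end.
```

Inside OnAfterIntrospectToken, pass the event's own Active, Scope and RawResponse parameters to the helper and reject the request when it returns False.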