Introspect access_token issued by built-in OAuth Server in application

Using oauth2-proxy and the OpenShift built-in OAuth2 server for authentication, and propagating the OAuth2 access_token to the upstream application, is there a supported way to introspect the access_token or get user information from within the upstream application?

From the OAuth2 discovery file, there is no token introspection or userinfo endpoint. However, the following user API can be used to get user info, except that it requires the user name:
https://$ENDPOINT/apis/user.openshift.io/v1/users/$NAME
The problem is that the upstream application only has the OAuth2 access_token, but does not know the user name yet. From the log, we found out that we can get the user from the OAuth token directly without knowing the user name first if we tweak the API call like this:
https://$ENDPOINT/apis/user.openshift.io/v1/users/~ using the access_token as the authentication token.

I have two questions:
1. Is https://$ENDPOINT/apis/user.openshift.io/v1/users/~ the right (and also supported) way to get user info from an access_token?
2. Is there a plan to include token introspection or userinfo support in the built-in OAuth server?
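The lookup described in the question, written out as an added example (not the poster's code): the upstream application takes the token the proxy forwarded, calls users/~ with it as a bearer token, and validates the returned User object before trusting the name. The X-Forwarded-Access-Token header name is an assumption about how oauth2-proxy passes the token; the sample User JSON is constructed.

```python
import json
import urllib.error
import urllib.request

# Assumption: oauth2-proxy forwards the token in this header (--pass-access-token).
# Adjust to match the proxy configuration in use.
TOKEN_HEADER = "X-Forwarded-Access-Token"
USERS_SELF_PATH = "/apis/user.openshift.io/v1/users/~"


def extract_token(headers):
    """Return the forwarded access token, falling back to a Bearer Authorization header."""
    token = (headers.get(TOKEN_HEADER) or "").strip()
    if not token:
        auth = (headers.get("Authorization") or "").strip()
        if auth.lower().startswith("bearer "):
            token = auth[7:].strip()
    return token or None


def parse_user(body):
    """Validate the User object returned by users/~ and pull out the fields an app needs."""
    obj = json.loads(body)
    if obj.get("kind") != "User":
        raise ValueError("unexpected object kind: %r" % obj.get("kind"))
    name = (obj.get("metadata") or {}).get("name")
    if not name:
        raise ValueError("User object has no metadata.name")
    # groups and identities may be absent or null on the wire; normalise to lists
    return {
        "name": name,
        "groups": list(obj.get("groups") or []),
        "identities": list(obj.get("identities") or []),
    }


def whoami(api_endpoint, token, opener=None):
    """Resolve the user behind an access token via users/~; None means the token was rejected."""
    opener = opener or urllib.request.build_opener()
    req = urllib.request.Request(
        api_endpoint.rstrip("/") + USERS_SELF_PATH,
        headers={"Authorization": "Bearer " + token, "Accept": "application/json"},
    )
    try:
        with opener.open(req, timeout=5) as resp:
            return parse_user(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        if err.code in (401, 403):
            return None  # expired, revoked, or not allowed to read its own User
        raise
```

Treat a None result as an unauthenticated request rather than caching a previous answer, since the token may have been revoked since the proxy last checked it.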