An OAuthTokenVerifier that validates opaque (or any) access tokens by calling the
Authorization Server's introspection endpoint (RFC 7662). Use this when your IdP issues
opaque tokens, or when you want the AS to be the single source of truth on revocation.
Successful results are cached for a short, configurable TTL (and deduplicated while a
call is in flight) so high-traffic servers don't introspect the same token on every
request. Caching delays revocation visibility by at most the TTL; set cacheTtlSeconds: 0
if you need every request to hit the AS.
An OAuthTokenVerifier that validates opaque (or any) access tokens by calling the Authorization Server's introspection endpoint (RFC 7662). Use this when your IdP issues opaque tokens, or when you want the AS to be the single source of truth on revocation.
Successful results are cached for a short, configurable TTL (and deduplicated while a call is in flight) so high-traffic servers don't introspect the same token on every request. Caching delays revocation visibility by at most the TTL; set
cacheTtlSeconds: 0if you need every request to hit the AS.