oauth2: Returns token type on token introspection

Closes #831

docs/api.swagger.json

@@ -1725,16 +1725,20 @@
       "x-go-package": "github.com/ory/hydra/client"
     },
     "oAuth2TokenIntrospection": {
+      "description": "https://tools.ietf.org/html/rfc7662",
       "type": "object",
+      "title": "Introspection contains an access token's session data as specified by IETF RFC 7662, see:",
       "properties": {
         "active": {
           "description": "Active is a boolean indicator of whether or not the presented token\nis currently active.  The specifics of a token's \"active\" state\nwill vary depending on the implementation of the authorization\nserver and the information it keeps about its tokens, but a \"true\"\nvalue return for the \"active\" property will generally indicate\nthat a given token has been issued by this authorization server,\nhas not been revoked by the resource owner, and is within its\ngiven time window of validity (e.g., after its issuance time and\nbefore its expiration time).",
           "type": "boolean",
           "x-go-name": "Active"
         },
         "aud": {
-          "description": "ClientID is a service-specific string identifier or list of string\nidentifiers representing the intended audience for this token.",
-          "type": "string",
+          "type": "array",
+          "items": {
+            "type": "string"
+          },
           "x-go-name": "Audience"
         },
         "client_id": {
@@ -1783,13 +1787,18 @@
           "type": "string",
           "x-go-name": "Subject"
         },
+        "token_type": {
+          "description": "TokenType is the introspected token's type, for example `access_token` or `refresh_token`.",
+          "type": "string",
+          "x-go-name": "TokenType"
+        },
         "username": {
           "description": "Username is a human-readable identifier for the resource owner who\nauthorized this token.",
           "type": "string",
           "x-go-name": "Username"
         }
       },
-      "x-go-name": "swaggerOAuthIntrospectionResponsePayload",
+      "x-go-name": "Introspection",
       "x-go-package": "github.com/ory/hydra/oauth2"
     },
     "oauthTokenResponse": {

oauth2/doc.go

@@ -119,61 +119,6 @@ type swaggerOAuthTokenResponse struct {
 	TokenType string `json:"token_type"`
 }
 
-// swagger:model oAuth2TokenIntrospection
-type swaggerOAuthIntrospectionResponsePayload struct {
-	// Active is a boolean indicator of whether or not the presented token
-	// is currently active.  The specifics of a token's "active" state
-	// will vary depending on the implementation of the authorization
-	// server and the information it keeps about its tokens, but a "true"
-	// value return for the "active" property will generally indicate
-	// that a given token has been issued by this authorization server,
-	// has not been revoked by the resource owner, and is within its
-	// given time window of validity (e.g., after its issuance time and
-	// before its expiration time).
-	Active bool `json:"active"`
-
-	// Scope is a JSON string containing a space-separated list of
-	// scopes associated with this token.
-	Scope string `json:"scope,omitempty"`
-
-	// ClientID is aclient identifier for the OAuth 2.0 client that
-	// requested this token.
-	ClientID string `json:"client_id,omitempty"`
-
-	// Subject of the token, as defined in JWT [RFC7519].
-	// Usually a machine-readable identifier of the resource owner who
-	// authorized this token.
-	Subject string `json:"sub,omitempty"`
-
-	// Expires at is an integer timestamp, measured in the number of seconds
-	// since January 1 1970 UTC, indicating when this token will expire.
-	ExpiresAt int64 `json:"exp,omitempty"`
-
-	// Issued at is an integer timestamp, measured in the number of seconds
-	// since January 1 1970 UTC, indicating when this token was
-	// originally issued.
-	IssuedAt int64 `json:"iat,omitempty"`
-
-	// NotBefore is an integer timestamp, measured in the number of seconds
-	// since January 1 1970 UTC, indicating when this token is not to be
-	// used before.
-	NotBefore int64 `json:"nbf,omitempty"`
-
-	// Username is a human-readable identifier for the resource owner who
-	// authorized this token.
-	Username string `json:"username,omitempty"`
-
-	// ClientID is a service-specific string identifier or list of string
-	// identifiers representing the intended audience for this token.
-	Audience string `json:"aud,omitempty"`
-
-	// Issuer is a string representing the issuer of this token
-	Issuer string `json:"iss,omitempty"`
-
-	// Extra is arbitrary data set by the session.
-	Extra map[string]interface{} `json:"ext,omitempty"`
-}
-
 // swagger:parameters introspectOAuth2Token
 type swaggerOAuthIntrospectionRequest struct {
 	// The string value of the token. For access tokens, this

oauth2/introspector.go

@@ -22,6 +22,7 @@ package oauth2
 
 // Introspection contains an access token's session data as specified by IETF RFC 7662, see:
 // https://tools.ietf.org/html/rfc7662
+// swagger:model oAuth2TokenIntrospection
 type Introspection struct {
 	// Active is a boolean indicator of whether or not the presented token
 	// is currently active.  The specifics of a token's "active" state

sdk/go/hydra/swagger/docs/OAuth2TokenIntrospection.md

@@ -4,7 +4,7 @@
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **Active** | **bool** | Active is a boolean indicator of whether or not the presented token is currently active.  The specifics of a token's \"active\" state will vary depending on the implementation of the authorization server and the information it keeps about its tokens, but a \"true\" value return for the \"active\" property will generally indicate that a given token has been issued by this authorization server, has not been revoked by the resource owner, and is within its given time window of validity (e.g., after its issuance time and before its expiration time). | [optional] [default to null]
-**Aud** | **string** | ClientID is a service-specific string identifier or list of string identifiers representing the intended audience for this token. | [optional] [default to null]
+**Aud** | **[]string** |  | [optional] [default to null]
 **ClientId** | **string** | ClientID is aclient identifier for the OAuth 2.0 client that requested this token. | [optional] [default to null]
 **Exp** | **int64** | Expires at is an integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token will expire. | [optional] [default to null]
 **Ext** | [**map[string]interface{}**](interface{}.md) | Extra is arbitrary data set by the session. | [optional] [default to null]
@@ -13,6 +13,7 @@ Name | Type | Description | Notes
 **Nbf** | **int64** | NotBefore is an integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token is not to be used before. | [optional] [default to null]
 **Scope** | **string** | Scope is a JSON string containing a space-separated list of scopes associated with this token. | [optional] [default to null]
 **Sub** | **string** | Subject of the token, as defined in JWT [RFC7519]. Usually a machine-readable identifier of the resource owner who authorized this token. | [optional] [default to null]
+**TokenType** | **string** | TokenType is the introspected token's type, for example `access_token` or `refresh_token`. | [optional] [default to null]
 **Username** | **string** | Username is a human-readable identifier for the resource owner who authorized this token. | [optional] [default to null]
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)

sdk/go/hydra/swagger/o_auth2_token_introspection.go

@@ -10,13 +10,13 @@
 
 package swagger
 
+// https://tools.ietf.org/html/rfc7662
 type OAuth2TokenIntrospection struct {
 
 	// Active is a boolean indicator of whether or not the presented token is currently active.  The specifics of a token's \"active\" state will vary depending on the implementation of the authorization server and the information it keeps about its tokens, but a \"true\" value return for the \"active\" property will generally indicate that a given token has been issued by this authorization server, has not been revoked by the resource owner, and is within its given time window of validity (e.g., after its issuance time and before its expiration time).
 	Active bool `json:"active,omitempty"`
 
-	// ClientID is a service-specific string identifier or list of string identifiers representing the intended audience for this token.
-	Aud string `json:"aud,omitempty"`
+	Aud []string `json:"aud,omitempty"`
 
 	// ClientID is aclient identifier for the OAuth 2.0 client that requested this token.
 	ClientId string `json:"client_id,omitempty"`
@@ -42,6 +42,9 @@ type OAuth2TokenIntrospection struct {
 	// Subject of the token, as defined in JWT [RFC7519]. Usually a machine-readable identifier of the resource owner who authorized this token.
 	Sub string `json:"sub,omitempty"`
 
+	// TokenType is the introspected token's type, for example `access_token` or `refresh_token`.
+	TokenType string `json:"token_type,omitempty"`
+
 	// Username is a human-readable identifier for the resource owner who authorized this token.
 	Username string `json:"username,omitempty"`
 }

sdk/js/swagger/docs/OAuth2TokenIntrospection.md

@@ -4,7 +4,7 @@
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **active** | **Boolean** | Active is a boolean indicator of whether or not the presented token is currently active.  The specifics of a token's \"active\" state will vary depending on the implementation of the authorization server and the information it keeps about its tokens, but a \"true\" value return for the \"active\" property will generally indicate that a given token has been issued by this authorization server, has not been revoked by the resource owner, and is within its given time window of validity (e.g., after its issuance time and before its expiration time). | [optional] 
-**aud** | **String** | ClientID is a service-specific string identifier or list of string identifiers representing the intended audience for this token. | [optional] 
+**aud** | **[String]** |  | [optional] 
 **clientId** | **String** | ClientID is aclient identifier for the OAuth 2.0 client that requested this token. | [optional] 
 **exp** | **Number** | Expires at is an integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token will expire. | [optional] 
 **ext** | **{String: Object}** | Extra is arbitrary data set by the session. | [optional] 
@@ -13,6 +13,7 @@ Name | Type | Description | Notes
 **nbf** | **Number** | NotBefore is an integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token is not to be used before. | [optional] 
 **scope** | **String** | Scope is a JSON string containing a space-separated list of scopes associated with this token. | [optional] 
 **sub** | **String** | Subject of the token, as defined in JWT [RFC7519]. Usually a machine-readable identifier of the resource owner who authorized this token. | [optional] 
+**tokenType** | **String** | TokenType is the introspected token's type, for example `access_token` or `refresh_token`. | [optional] 
 **username** | **String** | Username is a human-readable identifier for the resource owner who authorized this token. | [optional] 
 
 

sdk/js/swagger/src/model/OAuth2TokenIntrospection.js

@@ -41,6 +41,7 @@
 
   /**
    * Constructs a new <code>OAuth2TokenIntrospection</code>.
+   * https://tools.ietf.org/html/rfc7662
    * @alias module:model/OAuth2TokenIntrospection
    * @class
    */
@@ -63,7 +64,7 @@
         obj['active'] = ApiClient.convertToType(data['active'], 'Boolean')
       }
       if (data.hasOwnProperty('aud')) {
-        obj['aud'] = ApiClient.convertToType(data['aud'], 'String')
+        obj['aud'] = ApiClient.convertToType(data['aud'], ['String'])
       }
       if (data.hasOwnProperty('client_id')) {
         obj['client_id'] = ApiClient.convertToType(data['client_id'], 'String')
@@ -89,6 +90,12 @@
       if (data.hasOwnProperty('sub')) {
         obj['sub'] = ApiClient.convertToType(data['sub'], 'String')
       }
+      if (data.hasOwnProperty('token_type')) {
+        obj['token_type'] = ApiClient.convertToType(
+          data['token_type'],
+          'String'
+        )
+      }
       if (data.hasOwnProperty('username')) {
         obj['username'] = ApiClient.convertToType(data['username'], 'String')
       }
@@ -102,8 +109,7 @@
    */
   exports.prototype['active'] = undefined
   /**
-   * ClientID is a service-specific string identifier or list of string identifiers representing the intended audience for this token.
-   * @member {String} aud
+   * @member {Array.<String>} aud
    */
   exports.prototype['aud'] = undefined
   /**
@@ -146,6 +152,11 @@
    * @member {String} sub
    */
   exports.prototype['sub'] = undefined
+  /**
+   * TokenType is the introspected token's type, for example `access_token` or `refresh_token`.
+   * @member {String} token_type
+   */
+  exports.prototype['token_type'] = undefined
   /**
    * Username is a human-readable identifier for the resource owner who authorized this token.
    * @member {String} username

sdk/php/swagger/docs/Model/OAuth2TokenIntrospection.md

@@ -4,7 +4,7 @@
 Name | Type | Description | Notes
 ------------ | ------------- | ------------- | -------------
 **active** | **bool** | Active is a boolean indicator of whether or not the presented token is currently active.  The specifics of a token's \"active\" state will vary depending on the implementation of the authorization server and the information it keeps about its tokens, but a \"true\" value return for the \"active\" property will generally indicate that a given token has been issued by this authorization server, has not been revoked by the resource owner, and is within its given time window of validity (e.g., after its issuance time and before its expiration time). | [optional] 
-**aud** | **string** | ClientID is a service-specific string identifier or list of string identifiers representing the intended audience for this token. | [optional] 
+**aud** | **string[]** |  | [optional] 
 **client_id** | **string** | ClientID is aclient identifier for the OAuth 2.0 client that requested this token. | [optional] 
 **exp** | **int** | Expires at is an integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token will expire. | [optional] 
 **ext** | **map[string,object]** | Extra is arbitrary data set by the session. | [optional] 
@@ -13,6 +13,7 @@ Name | Type | Description | Notes
 **nbf** | **int** | NotBefore is an integer timestamp, measured in the number of seconds since January 1 1970 UTC, indicating when this token is not to be used before. | [optional] 
 **scope** | **string** | Scope is a JSON string containing a space-separated list of scopes associated with this token. | [optional] 
 **sub** | **string** | Subject of the token, as defined in JWT [RFC7519]. Usually a machine-readable identifier of the resource owner who authorized this token. | [optional] 
+**token_type** | **string** | TokenType is the introspected token's type, for example `access_token` or `refresh_token`. | [optional] 
 **username** | **string** | Username is a human-readable identifier for the resource owner who authorized this token. | [optional] 
 
 [[Back to Model list]](../README.md#documentation-for-models) [[Back to API list]](../README.md#documentation-for-api-endpoints) [[Back to README]](../README.md)

sdk/php/swagger/lib/Model/OAuth2TokenIntrospection.php

@@ -35,6 +35,7 @@
  * OAuth2TokenIntrospection Class Doc Comment
  *
  * @category    Class
+ * @description https://tools.ietf.org/html/rfc7662
  * @package     Hydra\SDK
  * @author      Swagger Codegen team
  * @link        https://github.com/swagger-api/swagger-codegen
@@ -55,7 +56,7 @@ class OAuth2TokenIntrospection implements ArrayAccess
       */
     protected static $swaggerTypes = [
         'active' => 'bool',
-        'aud' => 'string',
+        'aud' => 'string[]',
         'client_id' => 'string',
         'exp' => 'int',
         'ext' => 'map[string,object]',
@@ -64,6 +65,7 @@ class OAuth2TokenIntrospection implements ArrayAccess
         'nbf' => 'int',
         'scope' => 'string',
         'sub' => 'string',
+        'token_type' => 'string',
         'username' => 'string'
     ];
 
@@ -82,6 +84,7 @@ class OAuth2TokenIntrospection implements ArrayAccess
         'nbf' => 'int64',
         'scope' => null,
         'sub' => null,
+        'token_type' => null,
         'username' => null
     ];
 
@@ -110,6 +113,7 @@ public static function swaggerFormats()
         'nbf' => 'nbf',
         'scope' => 'scope',
         'sub' => 'sub',
+        'token_type' => 'token_type',
         'username' => 'username'
     ];
 
@@ -129,6 +133,7 @@ public static function swaggerFormats()
         'nbf' => 'setNbf',
         'scope' => 'setScope',
         'sub' => 'setSub',
+        'token_type' => 'setTokenType',
         'username' => 'setUsername'
     ];
 
@@ -148,6 +153,7 @@ public static function swaggerFormats()
         'nbf' => 'getNbf',
         'scope' => 'getScope',
         'sub' => 'getSub',
+        'token_type' => 'getTokenType',
         'username' => 'getUsername'
     ];
 
@@ -192,6 +198,7 @@ public function __construct(array $data = null)
         $this->container['nbf'] = isset($data['nbf']) ? $data['nbf'] : null;
         $this->container['scope'] = isset($data['scope']) ? $data['scope'] : null;
         $this->container['sub'] = isset($data['sub']) ? $data['sub'] : null;
+        $this->container['token_type'] = isset($data['token_type']) ? $data['token_type'] : null;
         $this->container['username'] = isset($data['username']) ? $data['username'] : null;
     }
 
@@ -243,7 +250,7 @@ public function setActive($active)
 
     /**
      * Gets aud
-     * @return string
+     * @return string[]
      */
     public function getAud()
     {
@@ -252,7 +259,7 @@ public function getAud()
 
     /**
      * Sets aud
-     * @param string $aud ClientID is a service-specific string identifier or list of string identifiers representing the intended audience for this token.
+     * @param string[] $aud
      * @return $this
      */
     public function setAud($aud)
@@ -430,6 +437,27 @@ public function setSub($sub)
         return $this;
     }
 
+    /**
+     * Gets token_type
+     * @return string
+     */
+    public function getTokenType()
+    {
+        return $this->container['token_type'];
+    }
+
+    /**
+     * Sets token_type
+     * @param string $token_type TokenType is the introspected token's type, for example `access_token` or `refresh_token`.
+     * @return $this
+     */
+    public function setTokenType($token_type)
+    {
+        $this->container['token_type'] = $token_type;
+
+        return $this;
+    }
+
     /**
      * Gets username
      * @return string