# `Oidcc.Plug.IntrospectToken`
[🔗](https://github.com/erlef/oidcc_plug/blob/989b809174070ef71c9dc545de149854f86d8f7c/lib/oidcc/plug/introspect_token.ex#L1)

Validate extracted authorization token using introspection.

See: https://datatracker.ietf.org/doc/html/rfc7662

This module should be used together with `Oidcc.Plug.ExtractAuthorization`.

This plug will send an introspection request for every request. To avoid this,
provide a `cache` to `t:opts/0`.

```elixir
defmodule SampleAppWeb.Endpoint do
  use Phoenix.Endpoint, otp_app: :sample_app

  # ...

  plug Oidcc.Plug.ExtractAuthorization

  plug Oidcc.Plug.IntrospectToken,
    provider: SampleApp.GoogleOpenIdConfigurationProvider,
    client_id: Application.compile_env!(:sample_app, [Oidcc.Plug.IntrospectToken, :client_id]),
    client_secret: Application.compile_env!(:sample_app, [Oidcc.Plug.IntrospectToken, :client_secret])

  plug SampleAppWeb.Router
end
```

# `opts`
*since 0.1.0* 

```elixir
@type opts() :: [
  provider: GenServer.name(),
  client_id: String.t() | (-> String.t()) | (Plug.Conn.t() -> String.t()),
  client_secret: String.t() | (-> String.t()) | (Plug.Conn.t() -> String.t()),
  token_introspection_opts: :oidcc_token_introspection.opts(),
  send_inactive_token_response: (conn :: Plug.Conn.t(),
                                 introspection :: Oidcc.TokenIntrospection.t() ->
                                   Plug.Conn.t()),
  cache: Oidcc.Plug.Cache.t()
]
```

Plug Configuration Options

## Options

* `provider` - name of the `Oidcc.ProviderConfiguration.Worker`
* `client_id` - OAuth Client ID to use for the introspection
* `client_secret` - OAuth Client Secret to use for the introspection
* `token_introspection_opts` - Options to pass to the introspection
* `send_inactive_token_response` - Customize Error Response for inactive token
* `cache` - Cache token introspection - See `Oidcc.Plug.Cache`
* `client_store` - A module name that implements the `Oidcc.Plug.ClientStore` behaviour
  to fetch the client context from a store instead of using the `provider`, `client_id` and `client_secret`
  directly. This is useful for storing the client context in a database or other persistent
  storage.
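
The following is an added example, not taken from the oidcc_plug documentation. It uses the zero-arity function form of `client_id` and `client_secret` from `t:opts/0` so the credentials are read from the application environment when the function is called rather than fixed by `Application.compile_env!/2` at build time, and it supplies a `send_inactive_token_response` callback. `SampleAppWeb.IntrospectionConfig` is a hypothetical module, and the response body and the `WWW-Authenticate` value (the `invalid_token` error from RFC 6750) are choices made for this example.

```elixir
defmodule SampleAppWeb.IntrospectionConfig do
  # Hypothetical helper module for this example; not part of oidcc_plug.
  import Plug.Conn

  @app :sample_app
  @key Oidcc.Plug.IntrospectToken

  # Zero-arity functions matching `(-> String.t())` in t:opts/0.
  # They read the application environment each time they are called,
  # so the values can be set in config/runtime.exs from the deployment's
  # secret store instead of being compiled into the release.
  def client_id, do: fetch!(:client_id)
  def client_secret, do: fetch!(:client_secret)

  # Matches the two-argument callback type of `send_inactive_token_response`.
  # Returns 401 with a Bearer challenge and no detail from the introspection
  # result, then halts so later plugs do not run.
  def send_inactive_token_response(conn, _introspection) do
    conn
    |> put_resp_header("www-authenticate", ~s(Bearer error="invalid_token"))
    |> put_resp_content_type("application/json")
    |> send_resp(:unauthorized, ~s({"error":"invalid_token"}))
    |> halt()
  end

  # Raises if the key is missing, so a misconfigured deployment fails loudly.
  defp fetch!(name) do
    @app
    |> Application.fetch_env!(@key)
    |> Keyword.fetch!(name)
  end
end

defmodule SampleAppWeb.Endpoint do
  use Phoenix.Endpoint, otp_app: :sample_app

  plug Oidcc.Plug.ExtractAuthorization

  # Named captures (&Mod.fun/arity) are used rather than anonymous functions
  # so the options can be embedded when plugs are initialised at compile time.
  plug Oidcc.Plug.IntrospectToken,
    provider: SampleApp.GoogleOpenIdConfigurationProvider,
    client_id: &SampleAppWeb.IntrospectionConfig.client_id/0,
    client_secret: &SampleAppWeb.IntrospectionConfig.client_secret/0,
    send_inactive_token_response:
      &SampleAppWeb.IntrospectionConfig.send_inactive_token_response/2

  plug SampleAppWeb.Router
end
```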

---

*Consult [api-reference.md](api-reference.md) for complete listing*
