Solution (unvalidated)

Store both token types in the OAuth2AuthorizationService so revoke/introspect can work for access tokens as well as refresh tokens; if you want to avoid per-request introspection, configure clients to trust JWTs without calling introspection unless they need to confirm revocation.
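A resource-server sketch of the second half of this advice, added here as an illustration and not taken from the original entry or from any project's code: JWTs are verified locally on every request, and introspection is called only where revocation must be confirmed. It assumes Spring Boot with `spring.security.oauth2.resourceserver.jwt.issuer-uri` set; the class names, introspection URI and client credentials are hypothetical placeholders.

```java
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.Customizer;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
import org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector;
import org.springframework.security.web.SecurityFilterChain;

@Configuration
public class ResourceServerConfig {

    // Every request: signature, expiry and issuer are checked locally
    // against the issuer's published keys. No call to the authorization server.
    @Bean
    SecurityFilterChain api(HttpSecurity http) throws Exception {
        http.authorizeHttpRequests(a -> a.anyRequest().authenticated())
            .oauth2ResourceServer(o -> o.jwt(Customizer.withDefaults()));
        return http.build();
    }

    // Placeholder endpoint and credentials (assumptions, not from the page).
    @Bean
    OpaqueTokenIntrospector introspector() {
        return new SpringOpaqueTokenIntrospector(
            "https://auth.example.com/oauth2/introspect",
            "resource-server-client-id", "resource-server-client-secret");
    }

    @Bean
    RevocationGuard revocationGuard(OpaqueTokenIntrospector introspector) {
        return new RevocationGuard(introspector);
    }

    // Hypothetical helper: call it only from handlers that must not honour a
    // revoked token (for example, before changing credentials or moving funds).
    public static class RevocationGuard {
        private final OpaqueTokenIntrospector introspector;
        RevocationGuard(OpaqueTokenIntrospector introspector) { this.introspector = introspector; }

        public boolean isStillActive(Jwt jwt) {
            try {
                introspector.introspect(jwt.getTokenValue()); // server looks the token up in its store
                return true;
            } catch (BadOpaqueTokenException inactive) {      // response carried "active": false
                return false;
            } // other introspection failures propagate, so an unreachable server fails closed
        }
    }
}
```

The `active: false` answer is only possible because the authorization server kept the access token in its `OAuth2AuthorizationService`; a token it never stored cannot be reported as revoked.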
