Kévin Chalet

Glad I could help 😃

Hey, For security reasons, OpenIddict will return a stripped-down introspection response in two cases: - The caller is a public client. - The caller is not explicitly listed as an...

As I said in my last post, you must set the resources using `principal.SetResources()`: > You'll likely want to double-check the client_id of your introspection client is listed when calling...

I tested locally with the latest OpenIddict 3.1.1 bits and I wasn't able to reproduce this issue. Is your application open-source? If it's not, a repro app would help.

Hey, Thanks for sponsoring the project, much appreciated! Can you please try with `/connect/introspect` instead of `connect/introspect` to see if it makes any difference?

Glad it helped! I'll reopen this ticket and convert it to a bug report to track potential improvements to make the UX better (because well, it's quite hard to figure...

> I wanted to give contributing a shot and was going to at least attempt this issue. @anorborg thanks a lot for your interest! > If my limited experience precludes...

FYI, the introspection feature hasn't yet been ported to OpenIddict, so please ignore the tests in `AspNet.Security.OAuth.Introspection.Tests` for now.

Note: the introspection feature was ported as part of https://github.com/openiddict/openiddict-core/pull/947.

> If so are there any technical reasons for not wanting to add such support from your point of view? Like most things, the reason is actually simpler: because you're...