Tests are missing, let's ship it, I'll open an issue.
Without such protection, the whole app would crash if the resource server is
not configured. The fallback backend would return an appropriate error to
the client if the resource server is improperly configured.
In OAuth 2.0, the Authorization Server is equivalent to the OIDC provider.
The Authorization Server exposes endpoints for token introspection and JWKS.
I’ve created a client to easily interact with the Authorization Server,
while doing the token introspection in our resource server.
Token introspection will be explained in upcoming commits.
The current OIDC library used in the project doesn’t offer token introspection,
leading to redundancy in the code handling some OIDC/OAuth2 flows.
This overlap makes the code bulky. My goal is to quickly deliver a working
PoC for the resource server, with plans to refactor in the longer run.
Please feel free to provide feedback on the class design.
