Closed
Description
Describe the bug
https://docs.spring.io/spring-security/site/docs/6.4.2/api/org/springframework/security/oauth2/server/resource/introspection/OpaqueTokenIntrospector.html
Returning a
Mapis indicative that the token is valid.Returns: the token's attributes
The method returns an OAuth2AuthenticatedPrincipal, not a Map of attributes.
Expected behavior
Documentation to match the current implementation, and ideally describe the throws contract too.
Is the method also supposed to verify the token expiration, whether the user exists, etc. or is that done later?