class Doorkeeper::OAuth::TokenIntrospection
def active?
Boolean indicator of whether or not the presented token
is currently active. The specifics of a token's "active" state
will vary depending on the implementation of the authorization
server and the information it keeps about its tokens, but a "true"
value return for the "active" property will generally indicate
that a given token has been issued by this authorization server,
has not been revoked by the resource owner, and is within its
given time window of validity (e.g., after its issuance time and
before its expiration time).

Any other error is considered an "inactive" token.

* The token requested does not exist or is invalid
* The token expired
* The token was issued to a different client than is making this request

Since resource servers using token introspection rely on the
authorization server to determine the state of a token, the
authorization server MUST perform all applicable checks against a
token's state. For instance, these tests include the following:

o If the token can expire, the authorization server MUST determine
  whether or not the token has expired.

o If the token can be issued before it is able to be used, the
  authorization server MUST determine whether or not a token's valid
  period has started yet.

o If the token can be revoked after it was issued, the authorization
  server MUST determine whether or not such a revocation has taken
  place.

o If the token has been signed, the authorization server MUST
  validate the signature.

o If the token can be used only at certain resource servers, the
  authorization server MUST determine whether or not the token can
  be used at the resource server making the introspection call.
def active?
  if authorized_client
    valid_token? && token_introspection_allowed?(auth_client: authorized_client.application)
  else
    valid_token?
  end
end
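
The state checks described in the method documentation, written out as standalone Ruby. This is an added example, not Doorkeeper's code: the `Token` fields, the `STORE` hash, `build_token`, `inactive_reason`, `introspect` and the caller IDs are all constructed for illustration, and tokens are treated as opaque strings, so the signature check is left out. Every failed check collapses to the same `active: false` body, so the caller cannot tell which check failed.

```ruby
# Constructed token record; field names are assumptions, not Doorkeeper's schema.
Token = Struct.new(:client_id, :not_before, :expires_at, :revoked_at, :resource_servers,
                   keyword_init: true)

NOW = Time.utc(2024, 1, 1, 12, 0, 0) # fixed clock so the results are reproducible

# Builds a currently valid sample token, with optional field overrides.
def build_token(overrides = {})
  attrs = { client_id: "app-1", not_before: NOW - 60, expires_at: NOW + 3600,
            revoked_at: nil, resource_servers: ["api-a"] }.merge(overrides)
  Token.new(**attrs)
end

# Constructed token store keyed by token value.
STORE = {
  "tok-valid"   => build_token,
  "tok-expired" => build_token(expires_at: NOW - 1),
  "tok-early"   => build_token(not_before: NOW + 600),
  "tok-revoked" => build_token(revoked_at: NOW - 30)
}.freeze

# Returns the reason a token is inactive, or nil when every check passes.
# The reason is for the authorization server's own logs, never for the caller.
def inactive_reason(token, caller_id:, now:)
  return :unknown if token.nil?
  return :expired if token.expires_at && now >= token.expires_at
  return :not_yet_valid if token.not_before && now < token.not_before
  return :revoked if token.revoked_at && token.revoked_at <= now

  # The caller must be the client the token was issued to, or a resource
  # server the token may be used at.
  allowed = [token.client_id, *token.resource_servers]
  return :caller_not_allowed unless allowed.include?(caller_id)

  nil
end

# Builds the introspection response body for the authenticated caller.
def introspect(token_value, caller_id:, now: Time.now.utc)
  token = STORE[token_value]
  return { active: false } if inactive_reason(token, caller_id: caller_id, now: now)

  { active: true, client_id: token.client_id, exp: token.expires_at&.to_i }
end
```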