refactor: rename token_type to token_use in introspection

Closes #1762 BREAKING CHANGE: This changes the OAuth2 Token Introspection response to ensure compliance with the OAuth2 Token Introspection specification. Previously, `token_type` would return `access_token` or `refresh_token`. The specification however mandates that `token_type` is always `Bearer`. This patch resolves that issue. The previous behaviour of `token_type` has now been moved to `token_use` which can be `access_token` or `refresh_token`.
ory · Nov 17, 2020 · 152fd5d · 152fd5d
1 parent b727367
commit 152fd5d
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/oauth2/introspector.go b/oauth2/introspector.go
@@ -78,9 +78,12 @@ type Introspection struct {
 	// IssuerURL is a string representing the issuer of this token
 	Issuer string `json:"iss,omitempty"`
 
-	// TokenType is the introspected token's type, for example `access_token` or `refresh_token`.
+	// TokenType is the introspected token's type, typically `Bearer`.
 	TokenType string `json:"token_type,omitempty"`
 
+	// TokenUse is the introspected token's use, for example `access_token` or `refresh_token`.
+	TokenUse string `json:"token_use,omitempty"`
+
 	// Extra is arbitrary data set by the session.
 	Extra map[string]interface{} `json:"ext,omitempty"`
 }