[RFC7662] Add introspect endpoint to introspect access & refresh token

[supercairos]

Overview

Implement RFC7662.
See https://datatracker.ietf.org/doc/html/rfc7662

What this PR does / why we need it

It implements the RFC7662.
A endpoint to determine the active state of an OAuth 2.0 token and to determine meta-information about this token.
OAuth 2.0 deployments can use this method to convey information about the authorization context of the token from the authorization server to the protected resource.

[supercairos]

See issue: #3387 (for linking)

[supercairos]

I've started the tests, but haven't finished. Would be happy to have a super quick review before doing all the tests @nabokihms 🙏

[supercairos]

I think I've added the latests tests, feel free to review :)

[nabokihms]

Thanks, looks awesome. I have a couple of suggestions / concerns, but overall it looks good.

[calderonth]

This looks good!
I think it's also missing the advertisement of the introspection_endpoint in the discovery structure and handler.

[supercairos]

This looks good! I think it's also missing the advertisement of the introspection_endpoint in the discovery structure and handler.

There is actually no introspection_endpoint on the OpenID Connect discovery:
https://openid.net/specs/openid-connect-discovery-1_0.html

But I can definitely add this if you want :)

[supercairos]

Ok, there is some in this RFC: https://datatracker.ietf.org/doc/html/rfc8414

I'll add it later today :)

[supercairos]

This looks good! I think it's also missing the advertisement of the introspection_endpoint in the discovery structure and handler.

Done, I took the liberty of writing tests for the static handler function also :)

[nabokihms]

@supercairos, thank you, it looks good!
@calderonth, also, thank you for pointing out the discovery.