Hi,
I would like to keep my access tokens rather small and use a remote endpoint to (1) validate the access token, and (2) obtain additional data. The introspection endpoint seems to be a good fit for (1). Is there also the possibility to map additional values to the response? E.g. I would like to know the roles of the user. The standard role mapper unfortunately only offers the possibility to map them to user token, access token, or userInfo endpoint.
I dont want to have all user roles in the JWT as that set can be quite huge in the current setup and the access token is send with every request to the resource server.
Is there some way to put additional data into the response of the introspection endpoint?
Regards
Sebastian