From 53867e273b34ad04e846d970fd81c63dfd2910f7 Mon Sep 17 00:00:00 2001
From: Henry-Hiles <henry@henryhiles.com>
Date: Sun, 20 Jul 2025 16:27:53 -0400
Subject: [PATCH] Add introspection endpoint

---
 bin/matrixoidc.dart         |  1 +
 lib/helpers/api_helper.dart | 26 ++++++++++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/bin/matrixoidc.dart b/bin/matrixoidc.dart
index 6ab2aa0..dabc347 100644
--- a/bin/matrixoidc.dart
+++ b/bin/matrixoidc.dart
@@ -36,6 +36,7 @@ void main(List<String> argsRaw) async {
               ..get("/userinfo", apiHelper.userinfoHandler)
               ..get("/bridge", apiHelper.bridgeHandler)
               ..post("/login", apiHelper.loginHandler)
+              ..post('/introspect', apiHelper.introspectionHandler)
               ..post("/logout", apiHelper.logoutHandler)
               ..post("/token", apiHelper.tokenHandler))
             .call,
diff --git a/lib/helpers/api_helper.dart b/lib/helpers/api_helper.dart
index 84fb562..8dc4362 100644
--- a/lib/helpers/api_helper.dart
+++ b/lib/helpers/api_helper.dart
@@ -157,6 +157,31 @@ class ApiHelper {
     }
   }
 
+  Future<Response> introspectionHandler(Request request) async {
+    final token = Uri.splitQueryString(await request.readAsString())['token'];
+    if (token == null) return Response(400, body: "Missing token");
+
+    try {
+      JWT.verify(
+        token,
+        SecretKey(
+          (await File.fromUri(
+            Uri.file(ref.read(SettingsController.provider)!.jwtSecretFile),
+          ).readAsString()),
+        ),
+      );
+      return Response.ok(
+        json.encode({'active': true}),
+        headers: {'content-type': 'application/json'},
+      );
+    } catch (_) {
+      return Response.ok(
+        json.encode({'active': false}),
+        headers: {'content-type': 'application/json'},
+      );
+    }
+  }
+
   Future<Response> logoutHandler(Request request) async =>
       Response.ok("Log out is not currently implemented");
 
@@ -168,6 +193,7 @@ class ApiHelper {
         "authorization_endpoint": settings.authorizeEndpoint,
         "token_endpoint": "${settings.issuer}/token",
         "userinfo_endpoint": "${settings.issuer}/userinfo",
+        "introspection_endpoint": "${settings.issuer}/introspect",
         "end_session_endpoint": "${settings.issuer}/logout",
         "response_types_supported": ["code"],
         "subject_types_supported": ["public"],