The default Introspector: POSTs an RFC 7662 introspection request to the configured endpoint with the resource server's client authentication.
A short-TTL cache of positive (active:true) introspection results, keyed by the raw token. Negative results are never cached.
Build the form body for an introspection request (RFC 7662 2.1). For client_secret_post, the client credentials are appended to the body.
Extract the exp claim (token expiry, unix seconds) from an introspection response (RFC 7662 2.2 / RFC 7519 4.1.1). Returns 0 when absent or not a number, signalling "no known expiry".
Map a raw RFC 7662 introspection response document to a TokenInfo, applying the cfg audience and required-scope checks. active:false, a non-object response, or a missing/false active member yields an invalid result.
Extract granted scopes from an introspection response: scope is a space-delimited string (RFC 7662 2.2).
Build a TokenValidator from cfg. The returned delegate introspects a bearer token at the configured endpoint and yields a TokenInfo (valid == false on active:false, HTTP failure, or parse error). Plug it into ResourceServerConfig.validator.
A source of introspection responses for a token. Separated from HTTP so tests can drive verification against a stub endpoint.
Configuration for introspectionVerifier.
A ready-made opaque-token verifier that validates bearer tokens via OAuth 2.0 Token Introspection (RFC 7662), so MCP server authors don't have to hand-roll the introspection request, response parsing, and claim checks. It is the D analogue of FastMCP's IntrospectionTokenVerifier.
The verifier POSTs the presented token to the authorization server's introspection endpoint (authenticating as a resource server with client_secret_basic or client_secret_post), then maps the RFC 7662 response to a TokenInfo: active:false (or any HTTP/parse error) yields an invalid result, while active:true yields a valid TokenInfo with scope, sub, and aud mapped across, after enforcing the configured audience and required scopes. Positive results may be briefly cached.
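The response mapping described above, as an added stand-alone D example (not the library's own code). `Info`, `Policy` and `mapResponse` are hypothetical names, the JSON documents are constructed, and treating an empty configured audience as "no audience check" is an assumption.

```d
import std.algorithm : all, canFind;
import std.array : split;
import std.json;

// Hypothetical stand-ins for the library's TokenInfo and config types.
struct Info { bool valid; string sub; string[] scopes; long exp; }
struct Policy { string audience; string[] requiredScopes; }

Info mapResponse(string doc, Policy p)
{
    JSONValue j;
    try { j = parseJSON(doc); }
    catch (Exception) { return Info.init; }           // parse error: invalid
    if (j.type != JSONType.object) return Info.init;  // non-object: invalid
    // Only a literal JSON true counts; missing, false or "true" fail closed.
    auto active = "active" in j;
    if (active is null || active.type != JSONType.true_) return Info.init;
    // aud may be one string or an array of strings (RFC 7519 4.1.3).
    string[] auds;
    if (auto a = "aud" in j)
    {
        if (a.type == JSONType.string) auds = [a.str];
        else if (a.type == JSONType.array)
            foreach (v; a.array)
                if (v.type == JSONType.string) auds ~= v.str;
    }
    // Assumption: an empty configured audience disables the audience check.
    if (p.audience.length && !auds.canFind(p.audience)) return Info.init;

    Info info;
    if (auto s = "scope" in j)
        if (s.type == JSONType.string) info.scopes = s.str.split(); // space-delimited
    if (!p.requiredScopes.all!(r => info.scopes.canFind(r))) return Info.init;
    if (auto s = "sub" in j)
        if (s.type == JSONType.string) info.sub = s.str;
    if (auto e = "exp" in j)   // this sketch reads integer exp only; otherwise 0
        if (e.type == JSONType.integer) info.exp = e.integer;
    info.valid = true;
    return info;
}

void main()
{
    auto p = Policy("https://mcp.example/api", ["mcp:read"]);   // constructed values
    assert(!mapResponse(`{"active":false}`, p).valid);
    assert(!mapResponse(`{"active":"true","scope":"mcp:read"}`, p).valid);
    assert(!mapResponse(`{"active":true,"aud":"other","scope":"mcp:read"}`, p).valid);
    auto ok = mapResponse(`{"active":true,"aud":["https://mcp.example/api"],"scope":"mcp:read mcp:write","sub":"u1","exp":1900000000}`, p);
    assert(ok.valid && ok.scopes == ["mcp:read", "mcp:write"] && ok.exp == 1900000000);
}
```

Every rejection path returns the same zero-initialised `Info`, so a caller that checks only `valid` cannot pick up scopes or a subject from a response that failed the audience or scope check.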