From 4e1bb330aa312ae98cd8ef4ad73ca89510278ce3 Mon Sep 17 00:00:00 2001
From: Thomas Sileo <t@a4.io>
Date: Fri, 3 Feb 2023 08:55:31 +0100
Subject: [PATCH] Fix OAuth introspection endpoint

---
 app/indieauth.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/app/indieauth.py b/app/indieauth.py
index 7e657ea..ea4d21d 100644
--- a/app/indieauth.py
+++ b/app/indieauth.py
@@ -532,6 +532,10 @@ async def oauth_introspection_endpoint(
     if not access_token:
         return JSONResponse(content={"active": False})
 
+    is_token_valid, _ = await _check_access_token(db_session, token)
+    if not is_token_valid:
+        return JSONResponse(content={"active": False})
+
     return JSONResponse(
         content={
             "active": True,