Should invenio-oauth2server have an endpoint where a registered OAuth2 application can send a token for introspection?
Basically the endpoint would "describe" the token by returning the scopes associated to the token and possibly other information as well (e.g. lifetime, issued at, etc.)
Similar to RFC 7662 - OAuth 2.0 Token Introspection
An alternative could be to return the scopes associated with a certain token on every request made to the invenio-oauth2server API. Slack, for example, does this for their Web API using an 'X-OAuth-Scopes' header:
X-OAuth-Scopes: identity.basic,reactions:read
(https://api.slack.com/docs/oauth)
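A sketch of the two options discussed above, added here as an example and not taken from invenio-oauth2server: an RFC 7662-style introspection response and the per-request scopes header. The in-memory `CLIENTS` and `TOKENS` tables, the function names and the rule that an application may only inspect its own tokens are assumptions made for the example.

```python
import hmac
import time

# Constructed sample data standing in for the server's client and token tables.
CLIENTS = {"app-1": "secret-1", "app-2": "secret-2"}  # client_id -> client_secret
TOKENS = {
    "tok-live": {"client_id": "app-1", "scopes": ["identity.basic", "reactions:read"],
                 "iat": 1700000000, "exp": 1700003600, "revoked": False},
    "tok-revoked": {"client_id": "app-1", "scopes": ["identity.basic"],
                    "iat": 1700000000, "exp": 1700003600, "revoked": True},
}

def _live_record(token, now):
    """Return the token record if it exists, is not revoked and has not expired."""
    rec = TOKENS.get(token)
    if rec is None or rec["revoked"] or rec["exp"] <= now:
        return None
    return rec

def introspect(client_id, client_secret, token, now=None):
    """Return (status, body) for an RFC 7662-style introspection request."""
    now = time.time() if now is None else now
    expected = CLIENTS.get(client_id)
    # The caller must authenticate; otherwise the endpoint is a token-guessing oracle.
    if expected is None or not hmac.compare_digest(expected, client_secret):
        return 401, {"error": "invalid_client"}
    rec = _live_record(token, now)
    # Policy choice of this example: an application may only inspect its own tokens.
    if rec is None or rec["client_id"] != client_id:
        # Unknown, expired, revoked and foreign tokens all look identical.
        return 200, {"active": False}
    return 200, {
        "active": True,
        "scope": " ".join(rec["scopes"]),  # RFC 7662: space-separated string
        "client_id": rec["client_id"],
        "token_type": "Bearer",
        "exp": rec["exp"],
        "iat": rec["iat"],
    }

def scopes_header(token, now=None):
    """The alternative from the post: scopes as a response header on API calls."""
    now = time.time() if now is None else now
    rec = _live_record(token, now)
    return {"X-OAuth-Scopes": ",".join(rec["scopes"])} if rec else {}
```

Returning only `{"active": false}` for every non-usable token keeps the endpoint from revealing whether a token once existed, was revoked, or belongs to another application.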