Allow for introspection/revocation based on provisioning token? #223

@jjg-123

Discussion point.

Meeting with Grid Security points out an up-and-coming problem with services such as FTS that will start a flow, fork it and do exchanges/refreshes, getting thousands of access tokens with lifetimes of weeks, distributed over a large network. Going back to the introspection endpoint is not going to scale. Perhaps get a list of currently valid tokens based on ersatz clients? By the same "token", allow for invalidating a bunch of tokens given a provisioner and provisioning token?
