Version 5.x has been out of support since December 13, 2022, and this corresponding section of the documentation is no longer maintained. We strongly recommend upgrading to a supported version.
When using reference tokens, Duende IdentityServer stores the contents of the token in the persisted grant store and issues a unique identifier for this token back to the client.
The consumer of the token must use the introspection endpoint to validate the token.
You can set the token type of a client using the following client setting:
client.AccessTokenType = AccessTokenType.Reference;
The introspection endpoint requires authentication - since the client of an introspection endpoint is typically an API, you configure the secret on the ApiResource:
var api = new ApiResource("api1")
{
ApiSecrets = { new Secret("secret".Sha256()) }
Scopes = { "read", "write" }
}