help request: Check the Access token of Keycloak based on Introspect Endpoint #12027

Open
SKDragon18 opened this issue Mar 8, 2025 · 1 comment
@SKDragon18

Description

Hi everyone, I want to know how to set authz-keycloak to check access token info via the introspect endpoint from Keycloak. It's using JWT decode to check permission (resource), right?

Environment

  • APISIX version (run apisix version):
  • Operating system (run uname -a):
  • OpenResty / Nginx version (run openresty -V or nginx -V):
  • etcd version, if relevant (run curl http://127.0.0.1:9090/v1/server_info):
  • APISIX Dashboard version, if relevant:
  • Plugin runner version, for issues related to plugin runners:
  • LuaRocks version, for installation issues (run luarocks --version):
@github-project-automation github-project-automation bot moved this to 📋 Backlog in Apache APISIX backlog Mar 8, 2025
@dosubot dosubot bot added the question label for questions asked by users label Mar 8, 2025
@SKDragon18
Author

This is my setting. I want APISIX to check the token by the Introspect Endpoint because the access token is not recalled; it has the old role.
```json
"authz-keycloak": {
  "_meta": {
    "disable": false
  },
  "access_token_expires_in": 300,
  "access_token_expires_leeway": 0,
  "cache_ttl_seconds": 86400,
  "client_id": "apisix",
  "grant_type": "urn:ietf:params:oauth:grant-type:uma-ticket",
  "http_method_as_scope": false,
  "keepalive": true,
  "keepalive_pool": 5,
  "keepalive_timeout": 60000,
  "lazy_load_paths": false,
  "permissions": [
    "Default Resource",
    "Giteav1"
  ],
  "policy_enforcement_mode": "ENFORCING",
  "refresh_token_expires_in": 3600,
  "refresh_token_expires_leeway": 0,
  "ssl_verify": true,
  "timeout": 3000,
  "token_endpoint": "http://host.docker.internal:8080/realms/apisix_test_realm/protocol/openid-connect/token"
},
"openid-connect": {
  "accept_none_alg": false,
  "accept_unsupported_alg": true,
  "access_token_expires_leeway": 0,
  "access_token_in_authorization_header": true,
  "bearer_only": true,
  "client_credentials_requires_scope": false,
  "client_id": "apisix",
  "client_jwt_assertion_expires_in": 60,
  "client_secret": "UDrN+4q9hETmxxxkda2PO0nTTudn9+PC",
  "discovery": "http://host.docker.internal:8080/realms/apisix_test_realm/.well-known/openid-configuration",
  "force_reauthorize": false,
  "iat_slack": 120,
  "introspection_endpoint": "http://host.docker.internal:8080/realms/apisix_test_realm/protocol/openid-connect/token/introspect",
  "introspection_endpoint_auth_method": "client_secret_basic",
  "introspection_interval": 0,
  "jwk_expires_in": 86400,
  "jwt_verification_cache_ignore": false,
  "logout_path": "/logout",
  "public_key": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9xxxxUJgAyvrktiN/fwOt4AOWKQLtVBAKods95g2MI0kb7JkWXGACBtT9KfoC4IhIdDR\n1zpfugYDwlX4nJm37Xu9dWa6QniwLO+45u4tesgtlzCizpWCb41FD2dKVpcRQHKW\n2QIDAQAB\n-----END PUBLIC KEY-----",
  "realm": "apisix_test_realm",
  "refresh_token_expires_in": 0,
  "refresh_token_in_authorization_header": true,
  "renew_access_token_on_expiry": true,
  "revoke_tokens_on_logout": false,
  "scope": "openid email profile offline_access",
  "set_access_token_header": true,
  "set_id_token_header": true,
  "set_refresh_token_header": true,
  "set_userinfo_header": true,
  "ssl_verify": false,
  "timeout": 3,
  "token_endpoint_auth_method": "client_secret_basic",
  "token_signing_alg_values_expected": "RS256",
  "unauth_action": "deny",
  "use_nonce": false,
  "use_pkce": false
},
```
