Introspect a token for a given AuthorizationServer
POST /oauth/introspect/:tokenIntrospectorName
Validates the submitted token against the AuthorizationServer identified by the path parameter
and returns an introspection response per RFC 7662.
The path parameter must match the name of an AuthorizationServer AuthState registered with this
service instance, and valid client credentials must be supplied in the Authorization header.
If the token is active, the response includes "active": true along with metadata claims;
if expired, revoked, or unknown, the response is {"active": false}.
Use this form when multiple AuthorizationServer instances are configured in the service.
Request
Path Parameters
tokenIntrospectorName string required
Header Parameters
authorization string
Body (application/x-www-form-urlencoded)
token string
token_type_hint string
Responses
- 200: Successful operation (application/json)
- 400: Token or Authorization header is missing
- 401: Client authentication failed
- 500: Internal server error
Schema
- any
Invalid token example
{
  "active": false
}
Valid token example
{
  "active": true,
  "scope": "openid email",
  "client_id": "my-client-id",
  "token_type": "Bearer",
  "exp": 1419356238,
  "sub": "Z5O3upPC88QrAjx00dis",
  "aud": "https://nevis.net/resource",
  "iss": "https://nevis.net/"
}
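How a resource server might call this endpoint and act on the result, as an added example that is not part of the original reference or the product's own code. It assumes the client credentials are sent as HTTP Basic; the host `auth.example.test`, the name `my-as`, and the local audience and scope checks are hypothetical choices made by the caller.

```python
import base64
from urllib.parse import quote, urlencode

def build_introspection_request(base_url, introspector_name, client_id, client_secret, token):
    """Build (url, headers, body) for POST /oauth/introspect/:tokenIntrospectorName."""
    # Percent-encode the path parameter so a name cannot alter the route.
    url = f"{base_url.rstrip('/')}/oauth/introspect/{quote(introspector_name, safe='')}"
    # Assumption: client credentials are sent as HTTP Basic.
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    }
    body = urlencode({"token": token, "token_type_hint": "access_token"})
    return url, headers, body

def authorize(status, payload, expected_aud, required_scopes, now):
    """Decide from an introspection result; anything unexpected is a denial."""
    if status != 200:  # 400, 401 and 500 never grant access
        return False, f"introspection returned HTTP {status}"
    if not isinstance(payload, dict) or payload.get("active") is not True:
        return False, "token is not active"
    exp = payload.get("exp")
    if isinstance(exp, (int, float)) and exp <= now:
        return False, "token expired"
    aud = payload.get("aud")  # may be a single string or a list of strings
    audiences = [aud] if isinstance(aud, str) else (aud if isinstance(aud, list) else [])
    if expected_aud not in audiences:
        return False, "audience mismatch"
    missing = set(required_scopes) - set(str(payload.get("scope", "")).split())
    if missing:
        return False, "missing scope: " + " ".join(sorted(missing))
    return True, "ok"

# Constructed inputs: the valid example body from this page; NOW is a made-up clock value.
VALID = {"active": True, "scope": "openid email", "client_id": "my-client-id",
         "token_type": "Bearer", "exp": 1419356238, "sub": "Z5O3upPC88QrAjx00dis",
         "aud": "https://nevis.net/resource", "iss": "https://nevis.net/"}
NOW = 1419356000

if __name__ == "__main__":
    print(build_introspection_request("https://auth.example.test", "my-as",
                                      "my-client-id", "s3cret", "abc.def"))
    print(authorize(200, VALID, "https://nevis.net/resource", ["email"], NOW))
    print(authorize(200, {"active": False}, "https://nevis.net/resource", ["email"], NOW))
```

Treating every non-200 status and every body without `"active": true` as a denial keeps the caller fail-closed when the introspection service is unreachable or misconfigured.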