Introspect OAuth2 Access and Refresh Tokens
POST {{baseUrl}}/admin/oauth2/introspect
The introspection endpoint allows to check if a token (both refresh and access) is active or not. An active token
is neither expired nor revoked. If a token is active, additional information on the token will be included. You can
set additional data for a token by setting session.access_token
during the consent flow.
Request Body
[{"name"=>"token", "value"=>"<string>", "datatype"=>"string"}, {"name"=>"scope", "value"=>"<string>", "datatype"=>"string"}]
HEADERS
Key | Datatype | Required | Description |
---|---|---|---|
Content-Type | string | ||
Accept | string |
RESPONSES
status: OK
{"active":"\u003cboolean\u003e","aud":["\u003cstring\u003e","\u003cstring\u003e"],"client_id":"\u003cstring\u003e","exp":"\u003clong\u003e","ext":{"nisi_9":{}},"iat":"\u003clong\u003e","iss":"\u003cstring\u003e","nbf":"\u003clong\u003e","obfuscated_subject":"\u003cstring\u003e","scope":"\u003cstring\u003e","sub":"\u003cstring\u003e","token_type":"\u003cstring\u003e","token_use":"\u003cstring\u003e","username":"\u003cstring\u003e"}