Introspect OAuth2 Access and Refresh Tokens

POST {{baseUrl}}/admin/oauth2/introspect

The introspection endpoint allows to check if a token (both refresh and access) is active or not. An active token is neither expired nor revoked. If a token is active, additional information on the token will be included. You can set additional data for a token by setting session.access_token during the consent flow.

Request Body

[{"name"=>"token", "value"=>"<string>", "datatype"=>"string"}, {"name"=>"scope", "value"=>"<string>", "datatype"=>"string"}]

HEADERS

KeyDatatypeRequiredDescription
Content-Typestring
Acceptstring

RESPONSES

status: OK

{&quot;active&quot;:&quot;\u003cboolean\u003e&quot;,&quot;aud&quot;:[&quot;\u003cstring\u003e&quot;,&quot;\u003cstring\u003e&quot;],&quot;client_id&quot;:&quot;\u003cstring\u003e&quot;,&quot;exp&quot;:&quot;\u003clong\u003e&quot;,&quot;ext&quot;:{&quot;nisi_9&quot;:{}},&quot;iat&quot;:&quot;\u003clong\u003e&quot;,&quot;iss&quot;:&quot;\u003cstring\u003e&quot;,&quot;nbf&quot;:&quot;\u003clong\u003e&quot;,&quot;obfuscated_subject&quot;:&quot;\u003cstring\u003e&quot;,&quot;scope&quot;:&quot;\u003cstring\u003e&quot;,&quot;sub&quot;:&quot;\u003cstring\u003e&quot;,&quot;token_type&quot;:&quot;\u003cstring\u003e&quot;,&quot;token_use&quot;:&quot;\u003cstring\u003e&quot;,&quot;username&quot;:&quot;\u003cstring\u003e&quot;}