Use this endpoint to retrieve token metadata

post

https://{pointofcontact}/oauth2/introspect

Query the authorization server to determine the set of metadata for a given token.
This metadata includes whether or not the token is currently active (or if it has
expired or otherwise been revoked), what rights of access the token carries (usually
conveyed through OAuth 2.0 scopes), and the authorization context in which the token
was granted (including who authorized the token and which client it was issued to).

Recent Requests

Time	Status	User Agent
Retrieving recent requests…

Loading…

Form Data

introspect request parameters

token

string

required

The string value of the token

token_type_hint

string

enum

A hint about the type of the token submitted for introspection

Allowed:

client_id

string

OAuth2.0 client identifier. Required when the client authentication method is using
"client_secret_post" or "tls_client_auth". It is optional when using "private_key_jwt"
client authentication; when specified it MUST match the "client_assertion" subject.

client_secret

string

OAuth2.0 client secret. May be specified when using "client_secret_post" client
authentication method.

client_assertion

string

The "private_key_jwt" assertion being used to authenticate the client.

client_assertion_type

string

enum

Type of the client assertion.

Allowed:

Headers

x-client-certificate

string

MTLS Client Certificate

Response

200Metadata associated with the given token.