post https://{pointofcontact}/oauth2/introspect
Query the authorization server to determine the set of metadata for a given token.
This metadata includes whether or not the token is currently active (or if it has
expired or otherwise been revoked), what rights of access the token carries (usually
conveyed through OAuth 2.0 scopes), and the authorization context in which the token
was granted (including who authorized the token and which client it was issued to).