Use this endpoint to retrieve token metadata

post https://{pointofcontact}/oauth2/introspect

Query the authorization server to determine the set of metadata for a given token.
This metadata includes whether or not the token is currently active (or if it has
expired or otherwise been revoked), what rights of access the token carries (usually
conveyed through OAuth 2.0 scopes), and the authorization context in which the token
was granted (including who authorized the token and which client it was issued to).

time	status	user agent
Retrieving recent requests…

Loading…

Form Data

token

string

required

The string value of the token

token_type_hint

string

A hint about the type of the token submitted for introspection

client_id

string

OAuth2.0 client identifier. Required when the client authentication method is using
"client_secret_post" or "tls_client_auth". It is optional when using "private_key_jwt"
client authentication; when specified it MUST match the "client_assertion" subject.

client_secret

string

OAuth2.0 client secret. May be specified when using "client_secret_post" client
authentication method.

client_assertion

string

The "private_key_jwt" assertion being used to authenticate the client.

client_assertion_type

string

Type of the client assertion.

Headers

x-client-certificate

string

MTLS Client Certificate

Response

Language

Credentials

Basic

base64

URL


xxxxxxxxxx
1
curl --request POST \
2
     --url https://pointofcontact/oauth2/introspect \
3
     --header 'accept: application/json' \
4
     --header 'content-type: application/x-www-form-urlencoded'

Click Try It! to start a request and see the response here! Or choose an example:

application/json

200Metadata associated with the given token.