Introspect OAuth token

POST 
/api/oauth/:OAuthAppName/introspect

Returns the active state and metadata of an OAuth access token (RFC 7662). Client must authenticate with client_id and client_secret (POST body or Basic). Invalid or expired tokens return active false.

Request

Responses

200

OK: Introspection result (active true with claims, or active false).

400

Status Bad Request: The request could not be understood by the server due to malformed syntax.

401

Status Unauthorized: The client must authenticate itself to get the requested response.

403

Status Forbidden: The client does not have permission to access the resource.