|Request parameters||See below|
|Response elements||See below|
Introspect is a standard endpoint used by Resource Servers to determine the particular Authentication Context for a by-reference Access Token. A Resource Server needs such information to validate incoming tokens before granting access to the Protected Resources it hosts. Note, in contrast, that self-contained Access Tokens can be validated by a Resource Server without calling the Introspection endpoint. Each of the particular types of by-reference tokens supported by the OIDC Provider from BankID has corresponding support in the Introspect endpoint.
= According to standard. = Feature restriction.
|String value of the by-reference token|
JSON structure containing relevant attributes for the Access Token in question. The following attributes are supported:
= According to standard. = Feature restriction. = In progress / future support. = Custom additions
|Indicator of whether or not the presented token is currently active|
|Scopes associated with the access token in question|
|Identifier of the OIDC client that requested the token|
|Type of token|
|Expiration time for the token|
|Issuing time for the token|
|Subject identifier of the end-user with which the token is associated|
|Identifier for the issuer of the token|
|Norwegian National Identity Number of the end-user with which the token is associated (corresponds to nnin_altsub in IDToken). Only available for eligible OAuth Resource Servers. Note: an eligible Resource Server may get access to nnin even if the OIDC Client that received the access token in question is not eligible.|
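The Python example below is an added illustration, not part of the BankID documentation, of how a Resource Server might turn an introspection response into an access decision. It assumes the standard RFC 7662 member names (active, scope, client_id, exp, iat, sub, iss) together with the nnin attribute described above; the issuer URL, scope value, clock-skew leeway and sample response are constructed for the example.

```python
import time
from urllib.parse import urlencode

# Assumed values for illustration; not taken from the BankID documentation.
EXPECTED_ISSUER = "https://issuer.example.invalid"
LEEWAY_SECONDS = 30  # assumed tolerance for clock skew

# Constructed sample response (not real output from any provider).
SAMPLE_RESPONSE = {
    "active": True, "scope": "openid profile", "client_id": "constructed-client",
    "token_type": "Bearer", "exp": 2000000000, "iat": 1700000000,
    "sub": "constructed-subject-1", "iss": EXPECTED_ISSUER,
}


class TokenRejected(Exception):
    """The introspection response does not justify access."""


def introspection_body(token):
    """Form-encoded request body carrying the by-reference token."""
    return urlencode({"token": token})


def authentication_context(resp, required_scope, now=None):
    """Return the caller's context from an introspection response, or raise."""
    now = time.time() if now is None else now
    # Require the JSON boolean true: a string such as "false" is truthy in Python.
    if resp.get("active") is not True:
        raise TokenRejected("token is not active")
    exp = resp.get("exp")
    # Fail closed when exp is missing or malformed (a policy choice of this example).
    if isinstance(exp, bool) or not isinstance(exp, (int, float)):
        raise TokenRejected("exp missing or malformed")
    if exp + LEEWAY_SECONDS <= now:
        raise TokenRejected("token expired")
    iat = resp.get("iat")
    if isinstance(iat, (int, float)) and iat - LEEWAY_SECONDS > now:
        raise TokenRejected("token issued in the future")
    if resp.get("iss") != EXPECTED_ISSUER:
        raise TokenRejected("unexpected issuer")
    scope = resp.get("scope")
    granted = scope.split() if isinstance(scope, str) else []
    if required_scope not in granted:
        raise TokenRejected("required scope not granted")
    if not resp.get("sub"):
        raise TokenRejected("no subject in response")
    # nnin is only returned to eligible Resource Servers, so it may be None here.
    return {"sub": resp["sub"], "client_id": resp.get("client_id"),
            "scopes": granted, "nnin": resp.get("nnin")}
```

The Resource Server should grant access only when the function returns, and treat every raised TokenRejected as a denial rather than falling back to other checks.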
The following example shows a request / response pair for the Introspect endpoint at the BankID pilot in pre-production. The example is generated from Postman (which is configured as a client at the OIDC Provider). The value for the access token in the request (token=4497db915b5b479191c81a7854a2fa8) is taken from the corresponding example for the Token endpoint.