You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Next »

<baseurl>/oauth/introspect

Endpoint (standard)
URL<baseurl>/oauth/introspect
AuthenticationBasic  


The introspect endpoint is thoroughly described in the OIDC/OAUTH2 standards. It is used by resource servers to validate access_tokens received in the authorize header from a client.

Request parameters

Response elements

In return the resource server get claims from the access_token including its expiration time. The return is in JSON form with a list of name/value pairs. Below is an example response from the OIDC Provider in its current BankID pilot configuration in pre-production:

{
 "active": true,
 "client_id": "Postman",
 "username": "5fa97f18-479f-4a8f-86d5-bfadc5d69cd9",
 "token_type": "Bearer",
 "scope": "openid",
 "iss": "https://preprod.bankidapis.no",
 "iat": 1494664610,
 "exp": 1494668210
}

 

  • No labels