You are viewing an old version of this page. View the current version.
Compare with Current View Page History
Version 1 Current »
The Token Introspection endpoint allows your application to return information about an access token or refresh token. You can find this endpoint from the OAuth Discovery Endpoint.
https://<EID Server>/oauth/.well-known/openid-configuration
1. Initiate a request to the EmpowerID Token Introspection endpoint, https://<EID Server>/oauth/v2/tokeninfo
https://<EID Server>/oauth/v2/tokeninfo
POST /oauth/v2/userinfo HTTP/1.1 Host: <EID Server> Content-Type: application/x-www-form-urlencoded Cache-Control: no-cache Authorization: Basic base64Encode(<ClientID>:<ClientSecret>) token=xxxxxxxxxxxxxxxxxx &token_type_hint=refresh_token/access_token
Header Parameter
Required/Optional
Description
Content-Type
required
Must be application/x-www-form-urlencoded.
application/x-www-form-urlencoded
Authorization
Base64 encoded value of ClientID and Client Secret base64Encode(<client_id>:<client_secret>)
base64Encode(<client_id>:<client_secret>)
Post Body Parameter
token
Must be the EmpowerID access token or refresh token
token_type_hint=refresh_token OR token_type_hint=access_token
token_type_hint=refresh_token
token_type_hint=access_token
If the token is a refresh token, set token_type_hint=refresh_token; otherwise, set token_type_hint=access_token
2. Returns token information in the response
{ "active": true, "client_id": "xxxxxxxxxxxxxxxxxxxxxxxx", "token_type": "Bearer", "username": "xxxxxxxxxx", "exp": 1555698438, "iat": 1555694839, "nbf": 1555694839, "sub": "xxxxxxxxxxxxx", "iss": "xxxxxxxxxxxxx" }
IN THIS ARTICLE