Token Introspection Endpoint

The Token Introspection endpoint allows your application to return information about an access token or refresh token. You can find this endpoint from the OAuth Discovery Endpoint.

OAuth Discovery Endpoint

https://<EID Server>/oauth/.well-known/openid-configuration

How to call the Token Introspection Endpoint

1. Initiate a request to the EmpowerID Token Introspection endpoint, https://<EID Server>/oauth/v2/tokeninfo

POST /oauth/v2/userinfo HTTP/1.1
Host: <EID Server>
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Authorization: Basic base64Encode(<ClientID>:<ClientSecret>)
 
token=xxxxxxxxxxxxxxxxxx
&token_type_hint=refresh_token/access_token

Header Parameter	Required/Optional	Description

Header Parameter	Required/Optional	Description
`Content-Type`	required	Must be `application/x-www-form-urlencoded`.
`Authorization`	required	Base64 encoded value of ClientID and Client Secret `base64Encode(<client_id>:<client_secret>)`

Post Body Parameter	Required/Optional	Description

Post Body Parameter	Required/Optional	Description
`token`	required	Must be the EmpowerID access token or refresh token
`token_type_hint=refresh_token` OR `token_type_hint=access_token`	required	If the token is a refresh token, set `token_type_hint=refresh_token`; otherwise, set `token_type_hint=access_token`

2. Returns token information in the response

{
    "active": true,
    "client_id": "xxxxxxxxxxxxxxxxxxxxxxxx",
    "token_type": "Bearer",
    "username": "xxxxxxxxxx",
    "exp": 1555698438,
    "iat": 1555694839,
    "nbf": 1555694839,
    "sub": "xxxxxxxxxxxxx",
    "iss": "xxxxxxxxxxxxx"
}

IN THIS ARTICLE