Token Introspection Endpoint
The Token Introspection endpoint allows your application to return information about an access token or refresh token. You can find this endpoint from the OAuth Discovery Endpoint.
OAuth Discovery Endpoint
https://<EID Server>/oauth/.well-known/openid-configuration
How to call the Token Introspection Endpoint
1. Initiate a request to the EmpowerID Token Introspection endpoint, https://<EID Server>/oauth/v2/tokeninfo
POST /oauth/v2/userinfo HTTP/1.1
Host: <EID Server>
Content-Type: application/x-www-form-urlencoded
Cache-Control: no-cache
Authorization: Basic base64Encode(<ClientID>:<ClientSecret>)
token=xxxxxxxxxxxxxxxxxx
&token_type_hint=refresh_token/access_token
Header Parameter | Required/Optional | Description |
---|---|---|
| required | Must be |
| required | Base64 encoded value of ClientID and Client Secret |
Post Body Parameter | Required/Optional | Description |
---|---|---|
| required | Must be the EmpowerID access token or refresh token |
| required | If the token is a refresh token, set |
2. Returns token information in the response
{
"active": true,
"client_id": "xxxxxxxxxxxxxxxxxxxxxxxx",
"token_type": "Bearer",
"username": "xxxxxxxxxx",
"exp": 1555698438,
"iat": 1555694839,
"nbf": 1555694839,
"sub": "xxxxxxxxxxxxx",
"iss": "xxxxxxxxxxxxx"
}
IN THIS ARTICLE