Introspection endpoint

Validates access tokens.

Client credentials must be included in the HTTP Authorization header.

(Authorization: Basic <credentials>).

Note: The metadata must contain the introspection_endpoint key.

Example: http://127.0.0.1:8080/oidc/tenant1/introspection-endpoint

Request parameters

These parameters must be posted as a part of the URL-encoded form values.

Parameter
Description
Mandatory

token

The access token to inspect.

User info endpoint errors

Error id
Description

invalid_request

The request is NOT valid. This is usually due to missing access token.

invalid_client

The calling RP is not allowed.