In OAuth 2.0, the contents of an access token are unique to the client that it is being used by. Although a token has information about the client assigned to it, a token also has meta information. This metadata contains information like, is the token valid? valid scopes and even sometimes, what the token is being used for.
Token Introspection is a method for a protected resource to query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about this token. OAuth 2.0 deployments can use this method to convey information about the authorization context of the token from the authorization server to the protected resource.
Starting with WP OAuth Server 3.0, Token Introspection is supported.
POST /oauth/introspection/ HTTP/1.1 Host: server.example.com Accept: application/json Content-Type: application/x-www-form-urlencoded Authorization: Bearer ABC123
Be sure to replace your the Bearer token with the token you are looking up.
Current Version: 3.7.3
Any documentation and or published articles may not reflect the latest WP OAuth Server plugin version. It is always best to stay updated for security.
How To ArticlesBelow is a list of "How To" documentation articles.
- Connect your App to WordPress Users
- WP REST API Bearer Token Authentication
- Enabling WooCommerce API
- Enable User Consent Dialog
- OAuth 2.0 Token Introspection
- Disable Plugin Updates
- Extending the OpenID Discovery API
- OpenID Authentication for WP REST API
- Using a Bearer Token with WP REST API
- How to Authenticate with WP REST API
- Using POSTMAN and WP REST API
- Setup WP OAuth Server for Single Sign On with WordPress
- Extending Endpoints
- Setting up Moodle and WordPress for Single Sign On
- Rocket.Chat OAuth Setup
- Never Expiring Access Token
OAuth Server 3.7.3
WP OAuth Server Pro allows for Unlimited clients and multiple grant types.BUY NOW