OAuth 2.0 Token Introspection | How To | WP OAuth Server

OAuth 2.0 Token Introspection


In OAuth 2.0, the contents of an access token are unique to the client that uses it. Besides information about the client it is assigned to, a token also carries metadata: whether the token is valid, which scopes are valid, and sometimes what the token is being used for.

Token Introspection is a method for a protected resource to query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about this token. OAuth 2.0 deployments can use this method to convey information about the authorization context of the token from the authorization server to the protected resource.

Starting with WP OAuth Server 3.0, Token Introspection is supported.

POST /oauth/introspection/ HTTP/1.1
Host: server.example.com
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Authorization: Bearer ABC123

Be sure to replace the Bearer token with the token you are looking up.
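
As an added example (not code from WP OAuth Server), here is how a protected resource could send the request above and decide on the answer while failing closed. The page does not show the response, so the field names `active`, `exp` and `scope` are assumed from RFC 7662; the function names and the scope value `basic` are hypothetical.

```python
import json
import time
import urllib.request

# Host and path are taken from the page's sample request.
INTROSPECTION_URL = "https://server.example.com/oauth/introspection/"

def build_introspection_request(token, url=INTROSPECTION_URL):
    """Build the POST shown on the page; the token being looked up is the Bearer value."""
    if not token or any(ch.isspace() for ch in token):
        raise ValueError("refusing token that is empty or contains whitespace/CRLF")
    return urllib.request.Request(url, data=b"", method="POST", headers={
        "Accept": "application/json",
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": "Bearer " + token,
    })

def evaluate_introspection(status, body, required_scope, now=None):
    """Return (allowed, reason). Assumes RFC 7662 field names; anything unexpected denies."""
    now = time.time() if now is None else now
    if status != 200:
        return False, "http_status"
    try:
        meta = json.loads(body)
    except (TypeError, ValueError):
        return False, "bad_json"
    # Only the JSON boolean true counts; the string "true" or a missing key denies.
    if not isinstance(meta, dict) or meta.get("active") is not True:
        return False, "inactive"
    exp = meta.get("exp")
    if exp is not None:
        if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
            return False, "expired"
    scope = meta.get("scope", "")
    if not isinstance(scope, str) or required_scope not in scope.split():
        return False, "scope"
    return True, "ok"

def check_token(token, required_scope, url=INTROSPECTION_URL):
    """Call the endpoint and decide; network and HTTP errors deny access."""
    try:
        req = build_introspection_request(token, url)
        with urllib.request.urlopen(req, timeout=5) as resp:
            return evaluate_introspection(resp.status, resp.read(), required_scope)
    except OSError:  # URLError, HTTPError and socket timeouts all derive from OSError
        return False, "transport"
```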