
OAuth 2.0 Token Introspection

Published: October 4, 2018 | Updated: December 29th, 2019

Overview

In OAuth 2.0, the contents of an access token are unique to the client that uses it. In addition to information about the client it is assigned to, a token carries metadata, such as whether the token is valid, its scopes, and what the token is being used for.

Token Introspection is a method for a protected resource to query an OAuth 2.0 authorization server to determine the active state of an OAuth 2.0 token and to determine meta-information about this token. OAuth 2.0 deployments can use this method to convey information about the authorization context of the token from the authorization server to the protected resource.

Starting with WP OAuth Server 3.0, Token Introspection is supported.

POST /oauth/introspection/ HTTP/1.1
Host: server.example.com
Accept: application/json
Content-Type: application/x-www-form-urlencoded
Authorization: Bearer ABC123

Be sure to replace the Bearer token with the token you are looking up.
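The following added example (not part of WP OAuth Server or its documentation) shows how a protected resource might build the request above and decide whether to serve a call based on the reply, denying on anything unexpected. It assumes an HTTPS endpoint and a JSON response that uses the RFC 7662 field names `active`, `scope` and `exp`; the function names are hypothetical.

```python
import json
import time
import urllib.request

# Host and path taken from the request above; the https scheme is an assumption.
INTROSPECTION_URL = "https://server.example.com/oauth/introspection/"


def build_introspection_request(token):
    """Build the POST shown above, with the token under inspection as the Bearer value."""
    if not token or any(c.isspace() for c in token):
        raise ValueError("token must be non-empty and free of whitespace/CRLF")
    return urllib.request.Request(
        INTROSPECTION_URL,
        data=b"",  # empty form body
        method="POST",
        headers={
            "Accept": "application/json",
            "Content-Type": "application/x-www-form-urlencoded",
            "Authorization": "Bearer " + token,
        },
    )


def authorize(response_body, required_scope, now=None):
    """Return (allowed, reason); malformed or missing data is treated as a denial."""
    now = time.time() if now is None else now
    try:
        meta = json.loads(response_body)
    except (TypeError, ValueError):
        return False, "unparseable response"
    if not isinstance(meta, dict) or meta.get("active") is not True:
        return False, "token not active"  # the string "true" does not count
    exp = meta.get("exp")
    if exp is not None and (isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now):
        return False, "token expired"
    scope = meta.get("scope")
    scopes = scope.split() if isinstance(scope, str) else []
    if required_scope not in scopes:
        return False, "missing scope"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample response, not real server output.
    sample = '{"active": true, "scope": "basic profile", "exp": 4102444800}'
    print(build_introspection_request("ABC123").get_header("Authorization"))
    print(authorize(sample, "profile"))
```

In a live deployment the request would be sent with `urllib.request.urlopen` using a short timeout, and a network error or non-200 status would be handled as a denial in the same way.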
