POST /oauth/introspect
OAuth 2.0 token introspection endpoint. Checks token active status, returns token metadata (sub, client_id, scope, exp, etc.). Returns flat JSON (no code/message envelope). Reference: RFC 7662 (Token Introspection).
OAuth None application/x-www-form-urlencoded
Request Parameters
| Name | In | Type | Required | Default | Example | Constraints | Description |
|---|---|---|---|---|---|---|---|
| token | formData | string | Yes | | | | Token to inspect (access_token or refresh_token) |
Referenced Schemas
dto.OAuthErrorResponse
OAuth standard error response
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| error | string | No | invalid_request | | Error code |
| error_description | string | No | Missing required parameter | | Error description |
| error_uri | string | No | https://docs.example.com/errors | | Error URI |
| state | string | No | state-123 | | Status |
dto.TokenIntrospectionResponse
Token introspection result
| Field | Type | Required | Example | Constraints | Description |
|---|---|---|---|---|---|
| active | boolean | No | True | | Is active |
| aud | string | No | auth-ms | | Audience |
| client_id | string | No | app-123 | | Client ID |
| exp | integer | No | 1713187200 | | Expiration time |
| iat | integer | No | 1713183600 | | Issued at |
| scope | string | No | openid profile | | Scope |
| sub | string | No | usr_abc123 | | User ID |
| token_type | string | No | Bearer | | Token type |
| username | string | No | user@example.com | | Username |
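
Because every field in dto.TokenIntrospectionResponse is optional, a caller has to treat a missing or malformed field as a rejection rather than a pass. The following is an added example (not part of this API's own code) of a resource-server check that builds the form-encoded request and evaluates the flat JSON reply. The function names, the base URL passed in, and the policy of requiring `exp` and `aud` are assumptions of the example.

```python
import json
import time
import urllib.parse
import urllib.request

# Constructed sample, built from the Example column of dto.TokenIntrospectionResponse.
SAMPLE = json.dumps({"active": True, "aud": "auth-ms", "client_id": "app-123",
                     "exp": 1713187200, "iat": 1713183600,
                     "scope": "openid profile", "sub": "usr_abc123"})

def build_introspection_request(base_url, token):
    """POST /oauth/introspect with the token as the single form field."""
    body = urllib.parse.urlencode({"token": token}).encode("ascii")
    return urllib.request.Request(
        base_url.rstrip("/") + "/oauth/introspect", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})

def evaluate_introspection(raw_body, expected_aud, required_scopes, now=None):
    """Return (ok, reason). Fails closed on anything unexpected."""
    now = int(time.time()) if now is None else now
    try:
        data = json.loads(raw_body)
    except ValueError:
        return False, "response is not JSON"
    if not isinstance(data, dict):
        return False, "response is not a JSON object"
    if "error" in data:                       # dto.OAuthErrorResponse shape
        return False, "error response: %s" % data["error"]
    if data.get("active") is not True:        # strings like "true" do not count
        return False, "token inactive"
    exp = data.get("exp")
    if type(exp) is not int or exp <= now:    # example policy: exp is mandatory
        return False, "token expired or exp missing"
    if data.get("aud") != expected_aud:       # example policy: aud must match
        return False, "audience mismatch"
    scope = data.get("scope")
    granted = set(scope.split()) if isinstance(scope, str) else set()
    missing = set(required_scopes) - granted
    if missing:
        return False, "missing scope: " + " ".join(sorted(missing))
    return True, "ok"
```

To call the endpoint, pass the request to `urllib.request.urlopen` and feed the response body to `evaluate_introspection`.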