Check Token Validity
Check whether the current user's token is valid. If the token is valid, true is returned; if invalid or expired, false is returned.
Request Description
http
POST https://{your_domain}/api/v1/oauth2/introspectRequest Headers
| Parameter | Name | Required | Example | Description |
|---|---|---|---|---|
| Authorization | Authentication info | Required | Basic UnFCMkOWk9xWA== | Use client_id and client_secret for Base64 authentication. Format: base64(client_id:client_secret) |
| Content-Type | Data type | Required | application/x-www-form-urlencoded | Submit parameters using form data. |
Request Example
http
POST https://{your_domain}/api/v1/oauth2/introspectAuthorization: Basic UnFCMkhKdGt6bFU...aT0NObkk4NlNOWk9xWA==
Content-Type: application/x-www-form-urlencoded
token=MmVkMTIyNGUzODBkYjY3UV4nmxKh4z....&token_type_hint=access_token
Request Parameters
| Parameter | Name | Required | Example | Description |
|---|---|---|---|---|
| token | Token | Yes | ||
| token_type_hint | Optional | Defaults to access_token |
Response Example
Success Example
Correct response example when token is valid
HTTP/1.1 200 OK
json
{
"active": true,
"token_type": "bearer",
"scope": "openid profile",
"client_id": "J8NFmU4tJVgDxKaJFmXTWvaHO",
"username": "zhangsan",
"exp": 1437275311
}Correct response example when token is invalid or expired
HTTP/1.1 200 OK
json
{
"active": false,
}Error Example
HTTP 401 Unauthorized
json
{
"error": "invalid_client",
"error_description": "Bad client credentials"
}Response Parameters
If successful, the Access Token can be obtained from the response.
| Parameter | Name | Required | Description |
|---|---|---|---|
| active | Token status | Required | true indicates the token is valid; false indicates the token is invalid or expired |
| token_type | Token type | Optional | |
| scope | Authorization scope | Optional | |
| client_id | Application client ID | Optional | |
| username | Username | Optional | |
| exp | Expiration time | Optional | Unix timestamp |