Skip to content

Check Token Validity

Check whether the current user's token is valid. If the token is valid, true is returned; if invalid or expired, false is returned.

Request Description

http
POST https://{your_domain}/api/v1/oauth2/introspect

Request Headers

ParameterNameRequiredExampleDescription
AuthorizationAuthentication infoRequiredBasic UnFCMkOWk9xWA==Use client_id and client_secret for Base64 authentication.
Format: base64(client_id:client_secret)
Content-TypeData typeRequiredapplication/x-www-form-urlencodedSubmit parameters using form data.

Request Example

http
POST https://{your_domain}/api/v1/oauth2/introspect

Authorization: Basic UnFCMkhKdGt6bFU...aT0NObkk4NlNOWk9xWA==

Content-Type: application/x-www-form-urlencoded

token=MmVkMTIyNGUzODBkYjY3UV4nmxKh4z....&token_type_hint=access_token

Request Parameters

ParameterNameRequiredExampleDescription
tokenTokenYes
token_type_hintOptionalDefaults to access_token

Response Example

Success Example

Correct response example when token is valid

HTTP/1.1 200 OK

json
{
	"active": true,
    "token_type": "bearer",
 	"scope": "openid profile",
	"client_id": "J8NFmU4tJVgDxKaJFmXTWvaHO",
	"username": "zhangsan",
	"exp": 1437275311
}

Correct response example when token is invalid or expired

HTTP/1.1 200 OK

json
{
	"active": false,
}

Error Example

HTTP 401 Unauthorized

json
{ 	
    "error": "invalid_client",    
    "error_description": "Bad client credentials"
}

Response Parameters

If successful, the Access Token can be obtained from the response.

ParameterNameRequiredDescription
activeToken statusRequiredtrue indicates the token is valid; false indicates the token is invalid or expired
token_typeToken typeOptional
scopeAuthorization scopeOptional
client_idApplication client IDOptional
usernameUsernameOptional
expExpiration timeOptionalUnix timestamp

BambooCloud IDaaS Open Platform