Token introspection
Last updated
Last updated
When an application receives an HTI launch, it will . To ensure that not every application has to build in all the security logic to verify this token, Koppeltaal offers on the authentication server. This eliminates the need for the application to .
When Token Introspection approves a token, the extracted body of the JWT token will be returned. If a 200
response code is returned, the application must ALWAYS verify that the active
attribute in the response is true
.
POST
{AUTH_SERVER_URL}/oauth2/introspect
Content-Type*
String
application/x-www-form-urlencoded
Accept*
String
application/json
client_assertion*
String
JWT as composed for the
client_assertion_type*
String
Always:
urn:ietf:params:oauth:client-assertion-type:jwt-bearer
token*
String
The JWT to be validated