Token Introspection (RFC 7662)
Allows a Resource Server to query the Authorization Server about the current state of an access token. Returns metadata including whether the token is active, its scopes, subject, and expiration. Essential for opaque tokens and revocation checking.
Token Introspection (RFC 7662)
Allows a Resource Server to query the Authorization Server about the current state of an access token. Returns metadata including whether the token is active, its scopes, subject, and expiration. Essential for opaque tokens and revocation checking.
Sequence Diagram
Click any step for details
Request
Response
Redirect
Internal
Step-by-Step Breakdown
1
Introspection Request
Resource Server → Authorization Server
2
Token Validation
Authorization Server → Authorization Server
3
Introspection Response
Authorization Server → Resource Server
Token Inspector
Specs for this flow
Sections of the protocol that normatively define this flow, plus the security considerations that apply to it.