Token introspection with Spring Authorization Server

To check whether an access token is still valid, has expired, has been revoked, or was issued by our Authorization Server at all, we use the Authorization Server's token introspection endpoint.

With an Authorization Server implemented using Spring Authorization Server, you call the token introspection endpoint with a POST request to http://localhost:8080/oauth2/introspect. The request body contains the parameter token, whose value is the access token we want to check, together with client_id and client_secret to authenticate the request.
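The request described above, as an added example that is not code from the original article: a stand-alone Java 11+ client that posts the three body parameters and accepts the token only when the response says it is active. The class name and the CLIENT_ID / CLIENT_SECRET environment variable names are assumptions, and it assumes the registered client is allowed to authenticate with credentials in the request body.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

public class IntrospectionCheck {
    // Endpoint from the article; the body carries client_secret, so use HTTPS outside local tests.
    static final String ENDPOINT = "http://localhost:8080/oauth2/introspect";

    // RFC 7662 makes "active" the only required member of the response.
    // Simplification: a regex over the flat JSON body; use a JSON parser in real code.
    static final Pattern ACTIVE_TRUE = Pattern.compile("\"active\"\\s*:\\s*true\\b");

    // Form-encode the body parameters (token, client_id, client_secret).
    static String formBody(Map<String, String> params) {
        return params.entrySet().stream()
                .map(e -> URLEncoder.encode(e.getKey(), StandardCharsets.UTF_8) + "="
                        + URLEncoder.encode(e.getValue(), StandardCharsets.UTF_8))
                .collect(Collectors.joining("&"));
    }

    // Fail closed: anything but HTTP 200 with "active": true means reject the token.
    static boolean isActive(int status, String body) {
        return status == 200 && body != null && ACTIVE_TRUE.matcher(body).find();
    }

    public static void main(String[] args) throws Exception {
        // Assumed variable names; keeps the client secret out of the process argument list.
        String id = System.getenv("CLIENT_ID"), secret = System.getenv("CLIENT_SECRET");
        if (args.length != 1 || id == null || secret == null) {
            System.err.println("usage: CLIENT_ID=.. CLIENT_SECRET=.. java IntrospectionCheck.java <token>");
            System.exit(2);
        }
        String body = formBody(Map.of("token", args[0], "client_id", id, "client_secret", secret));
        HttpRequest request = HttpRequest.newBuilder(URI.create(ENDPOINT))
                .header("Content-Type", "application/x-www-form-urlencoded")
                .POST(HttpRequest.BodyPublishers.ofString(body))
                .build();
        HttpResponse<String> response = HttpClient.newHttpClient()
                .send(request, HttpResponse.BodyHandlers.ofString());
        System.out.println(response.body());
        System.out.println(isActive(response.statusCode(), response.body())
                ? "token is active" : "token is NOT active: do not accept it");
    }
}
```

An expired, revoked or unknown token comes back as HTTP 200 with "active": false rather than as an error, so the check must read the body and not just the status code.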

Note that when setting up the Authorization Server using Spring Authorization Server, you need to provide issuer information by declaring a bean of the ProviderSettings class, for example as follows:

Suppose now, you get the access token of a RegisteredClient declared in the Authorization Server:

Then send a request to the token introspection endpoint, and you will see the following result:


One thought on “Token introspection with Spring Authorization Server”

  1. Thanks, it worked perfectly. If possible, can you make an article on JdbcRegisteredClientRepository? I need it. Thanks.
