OAuth 2.0 token introspection
Token introspection is a mechanism for resource servers to obtain information about access tokens. Through introspection, a resource server can check whether an access token is valid and find out other information, such as which user and which scopes are associated with the token.
Token introspection is meant for first-party or internal use only. The endpoint shouldn't be exposed publicly.
```typescript
import { Configuration, OAuth2Api } from "@ory/client"

// Client for the project's OAuth2 API, authenticated with an Ory API key.
const ory = new OAuth2Api(
  new Configuration({
    basePath: `https://${process.env.ORY_PROJECT_SLUG}.projects.oryapis.com`,
    accessToken: process.env.ORY_API_KEY,
  }),
)

export async function introspectToken(accessToken: string) {
  const { data } = await ory.introspectOAuth2Token({ token: accessToken })
  return data.active // true or false
}
```
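How a resource server might turn an introspection response into an allow/deny decision, as an added example that is not part of the original page or Ory's code. The `authorize` helper, the `IntrospectionResult` and `Decision` types, and the sample values are hypothetical; the field names are the RFC 7662 response members plus `token_use`, which is assumed to be present as in Ory's response.

```typescript
// Added example: a local type covering the response members this check reads.
interface IntrospectionResult {
  active: boolean
  scope?: string // space-delimited list of granted scopes
  sub?: string // subject (user) the token was issued for
  exp?: number // expiry, seconds since the Unix epoch
  token_use?: string // assumption: "access_token" or "refresh_token"
}

type Decision =
  | { allowed: true; subject: string; scopes: string[] }
  | { allowed: false; reason: string }

// Hypothetical helper: decide whether a request may proceed.
function authorize(
  result: IntrospectionResult,
  requiredScopes: string[],
  nowSeconds: number = Math.floor(Date.now() / 1000),
): Decision {
  // An inactive token carries no trustworthy claims; stop here.
  if (result.active !== true) return { allowed: false, reason: "inactive" }
  // Only access tokens should be accepted by a resource server.
  if (result.token_use !== undefined && result.token_use !== "access_token")
    return { allowed: false, reason: "not_access_token" }
  // Defense in depth: re-check expiry locally in case the response was cached.
  if (result.exp !== undefined && result.exp <= nowSeconds)
    return { allowed: false, reason: "expired" }
  if (!result.sub) return { allowed: false, reason: "no_subject" }

  // Scopes arrive as one space-delimited string; compare whole scope names.
  const granted = (result.scope ?? "").split(" ").filter((s) => s.length > 0)
  const missing = requiredScopes.filter((s) => !granted.includes(s))
  if (missing.length > 0)
    return { allowed: false, reason: `missing_scope:${missing.join(",")}` }
  return { allowed: true, subject: result.sub, scopes: granted }
}

// Constructed sample responses (not real tokens or users).
const sampleActive: IntrospectionResult = {
  active: true, scope: "orders.read orders.write", sub: "user-123",
  exp: 2000000000, token_use: "access_token",
}
const sampleRevoked: IntrospectionResult = { active: false }
```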