PhenixID DocumentationPhenixID Authentication ServicesSolutions Developer integration guides OAuth2 Token introspection - integration guide for developers

OAuth2 Token introspection - integration guide for developers

Overview

This API is used to get introspect an access token (this means checking if the token is active and which user the token is issued to).

Prerequisites

- PhenixID Authentication Services HTTP API configured for OAuth2 token introspection use case

- OAuth/OIDC OP Discovery URL

Token introspection - data to be fetched before api call

The api client must fetch this value:

- access_token, returned from previous authentication (this might be returned through API, OIDC or SAML2)

 How this parameter is fetched may differ depending on the use case.

Token introspection - api call

Request

Method: HTTP POST

Endpoint: <This value is fetched from the OAuth/OIDC discovery URL)
Example: /api/authentication/introspect?tenant=t1

Headers:

Name Value
Mandatory Comment
Content-Type application/x-www-form-urlencoded
Yes
Authorization Basic <b64(client_id:client_secret)> Yes HTTP Basic authentication will be used by default.

Body:

token=<access_token>

Example request

 

PUT /api/authentication/introspect?tenant=t1 HTTP/1.1
Host: integration.phenixid.se
Content-Type: application/json
Authorization: Basic ZG9uYWxkOnRydW1wZQ==
cache-control: no-cache

token=21e0d582-f1b9-4747-95ad-f16ca7ef2a9c

 

 

 

Response

Response

The HTTP Response status code may have one of these values:

- 200 if ok.

- 403 if authentication failed or any error occured.

 

Response body:

Key Type Example Comment
Active Boolean true Result of access_token status control
username String abj username bound to access_token (if the subject is a user)