Documentation for /introspect endpoint

Hi,

I took a while to understand how to use /v1/introspect to validate tokens coming from a Single Page Application. The documentation is not clear on that.

For application having client_id and client_secret, the doc is clear. We wrap that on Basic Authentication, add token as querystring parameter and create a request.

When getting access token for Single Page Application we don’t have client_secret. We don’t use any authentication method and provide client_id as querystring parameter.

The documentation is explicit on that https://developer.okta.com/docs/reference/api/oidc/#introspect.

1 Like

Hi @fabiomontefuscolo,

Thanks for your valuable feedback.
The documentation is indeed lacking for calling /introspect endpoint for SPA tokens.
We will update the documentation accordingly.

Update: We have updated the documentation. Please take a look if it looks right. Thanks again.

Regards,
Vijet