Does \userinfo API do token validation?

Does \userinfo API do token validation implicit ?

I am getting access token from client UI screen .

  1. Do I need to validate it first by using \intospect then make a call to \userinfo api


2 call \userinfo API directly skipping token validation \introspect , since \userinfo will do token validation .


Hi @shirish2005! You only need to pass the access token from the authorization endpoint - OpenID Connect & OAuth 2.0 API | Okta Developer. Essentially you are using the access token to authenticate via the Authorization header and this is how it is validated per the spec Final: OpenID Connect Core 1.0 incorporating errata set 1