Does \userinfo API do token validation implicit ?
I am getting access token from client UI screen .
Do I need to validate it first by using \intospect then make a call to \userinfo api
or
2 call \userinfo API directly skipping token validation \introspect , since \userinfo will do token validation .
Thanks
Hi @shirish2005! You only need to pass the access token from the authorization endpoint - OpenID Connect & OAuth 2.0 API | Okta Developer. Essentially you are using the access token to authenticate via the Authorization header and this is how it is validated per the spec Final: OpenID Connect Core 1.0 incorporating errata set 1
This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.