How to validate OAuth Access Token

john · August 8, 2017, 5:09am

Hi guys, I am using the following API and generating an sessionToken,
POST http://dev-1234.oktapreview.com/api/v1/authn

{
“username”: “somename@gmail.com”,
“password”: “somepassword”,
“options”: {
“multiOptionalFactorEnroll”: false,
“warnBeforePasswordExpired”: false
}
}

Response -

{
    "expiresAt": "2017-08-08T05:11:38.000Z",
    "status": "SUCCESS",
    "sessionToken": "20111B2_dkVTy--9K_2C1-Til1v9WTHcHBSh_FU9N6mx",
    "_embedded": {
        "user": {
            "id": "00ubd4HxZS0h7",
            "passwordChanged": "2017-07-26T05:00:09.000Z",
            "profile": {
                "login": "somename@gmail.com",
                "firstName": "s",
                "lastName": "sds",
                "locale": "en",
                "timeZone": "America/Los_Angeles"
            }
        }
    }
}

How can I validate this sessionToken?
I used Introspect API, it alawys gives “active” as false.

mcguinness · August 8, 2017, 8:06pm

The sessionToken is a one-time token used to bootstrap a session with Okta in a browser, it’s not used as an access token. You can pass the sessionToken with OAuth Authorization Request or via a SSO request.

system · January 12, 2024, 7:14pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
Authorization using session token Questions	2	55	September 22, 2024
Introspect api always return "active" false for validating access token OAuth/OIDC	5	9262	July 27, 2018
Refreshing Access Tokens Okta Spring Boot Starter OAuth/OIDC spring , java	3	7537	January 12, 2024
Validating expired token leads to "active" response from /introspect endpoint OAuth/OIDC api	2	3001	February 8, 2024
Failing to validate Client Credentials Flow access token Questions	2	3981	July 24, 2020

How to validate OAuth Access Token

Related topics