Using Postman to generate a token using the {{url}}/oauth2/default/v1/token API with grant_type “password” and scope “openid”. After successfully generating the token, I am calling the {{url}}/oauth2/v1/introspect API to validate the access token.
When I manually validate the token using the okta-jwt-verifier, it seems to be ok but calling the API always returns “active” : false. Please suggest.
I’m pretty sure that introspect is for idTokens and not accessTokens.
According to the Okta documentation, the token can be an access token, ID token, or refresh token.
https://developer.okta.com/docs/api/resources/oidc#introspect
It looks like you’re missing the /default/ for the introspection. You’re getting a token from your custom auth server, then trying to validate it against Okta’s general auth server which doesn’t recognize it.
{{url}}/oauth2/default/v1/introspect
Got it working after removing default from:
{{url}}/oauth2/v1/token
{{url}}/oauth2/v1/introspect
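
The mismatch discussed in this thread, as an added example that is not part of any post: a token must be introspected on the authorization server that issued it, and the token's `iss` claim says which one that is. The function names, the `example.okta.com` domain and the unsigned sample tokens are constructed for illustration; the sketch assumes the org authorization server uses the bare org URL as issuer and a custom one uses `{org}/oauth2/{id}`.

```python
import base64
import json
from urllib.parse import urlsplit


def jwt_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT verifying it (used only to pick an endpoint)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def introspect_url_for(token: str) -> str:
    """Derive the introspection endpoint of the server named in the iss claim."""
    iss = jwt_claims(token)["iss"].rstrip("/")
    path = urlsplit(iss).path
    if path == "":                                   # org authorization server
        return iss + "/oauth2/v1/introspect"
    if path.startswith("/oauth2/") and path.count("/") == 2:
        return iss + "/v1/introspect"                # custom server, e.g. /oauth2/default
    raise ValueError(f"unrecognised issuer: {iss}")


def same_server(token_url: str, introspect_url: str) -> bool:
    """True when the token and introspect endpoints share one authorization server."""
    return (token_url.rsplit("/v1/token", 1)[0]
            == introspect_url.rsplit("/v1/introspect", 1)[0])


def make_sample_token(iss: str) -> str:
    """Build an unsigned, constructed token carrying only an iss claim."""
    def enc(obj: dict) -> str:
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"iss": iss}), "sig"])


if __name__ == "__main__":
    org = "https://example.okta.com"                 # constructed placeholder domain
    tok = make_sample_token(org + "/oauth2/default")
    print(introspect_url_for(tok))
    # The pairing from the original question: token from /default, introspect on org.
    print(same_server(org + "/oauth2/default/v1/token", org + "/oauth2/v1/introspect"))
```

Either consistent pairing works; a token from one server introspected on the other comes back as `"active": false`, which is what the thread describes.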