Introspect endpoint always returns false

vinaynaikwad · May 28, 2021, 1:20pm

Hi Team,
When I get the server configuration from the URL “oauth2/default/.well-known/oauth-authorization-server”, I get the introspection endpoint as below:

https://dev-####.okta.com/oauth2/default/v1/introspect

When I use this URL to validate the access token it always returns false.

{
“active”: false
}

However when I remove “default” from the above introspect URL, then it works fine. Strange thing is few days back, it was working the other way around. That is, when I did not have the “default” in the introspect URL, it was returning false always. Whereas with “default”, it was returning proper response.

Can you please let me know why this discrepancy is seen? And how do we form the introspect URL reliably in this case?

marcusi · May 28, 2021, 3:26pm

Hi @vinaynaikwad , since the call to introspect works when you remove “default”, it sounds like the token you’re getting issues is coming from your Org auth server (https://dev-####.okta.com).

If the token was issued by your Org auth server, then it would never be valid on a custom auth server (in this case, https://dev-####.okta.com/oauth2/default/)

system · May 29, 2021, 3:26pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.

Post		Replies	Views
Introspect api always return "active" false for validating access token OAuth/OIDC	5	9239	July 27, 2018
Introspect endpoint Questions	5	5486	January 24, 2024
Introspection endpoint returning active as false Questions	4	7274	January 2, 2019
POST oath2/default/v1/introspect getting 404 Questions	8	7026	April 6, 2020
Is the /introspect endpoint meant for the OAuth Client to call, or the OAuth Resource Server to call? Questions	5	11197	June 24, 2021

Introspect endpoint always returns false

Related topics