Introspect endpoint always returns false

Hi Team,
When I get the server configuration from the URL “oauth2/default/.well-known/oauth-authorization-server”, I get the introspection endpoint as below:

https://dev-####.okta.com/oauth2/default/v1/introspect

When I use this URL to validate the access token it always returns false.

{
"active": false
}

However, when I remove “default” from the above introspect URL, it works fine. The strange thing is that a few days back, it was working the other way around. That is, when I did not have “default” in the introspect URL, it was always returning false, whereas with “default” it was returning a proper response.

Can you please let me know why this discrepancy is seen? And how do we form the introspect URL reliably in this case?

Hi @vinaynaikwad, since the call to introspect works when you remove “default”, it sounds like the token you’re getting issued is coming from your Org auth server (https://dev-####.okta.com).

If the token was issued by your Org auth server, then it would never be valid on a custom auth server (in this case, https://dev-####.okta.com/oauth2/default/).
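
One way to form the introspect URL from the token itself, following the reply above: read the token's `iss` claim and call the introspection endpoint of that same authorization server. This is an added example, not code from the thread or from Okta. It assumes the access token is a JWT carrying an `iss` claim and that the Org auth server's issuer is the bare org URL; `dev-example.okta.com` is a placeholder domain, and `unverified_issuer`, `introspect_url` and `sample_token` are hypothetical names.

```python
import base64
import json
from urllib.parse import urlsplit

OKTA_DOMAIN = "dev-example.okta.com"  # placeholder org domain (assumption)


def unverified_issuer(token: str) -> str:
    """Read iss from the JWT payload without verifying the signature.

    Only used to pick the server to ask; the introspection response stays
    the authority on whether the token is active.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT, issuer cannot be read")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    claims = json.loads(base64.urlsafe_b64decode(padded))
    if not isinstance(claims, dict) or not isinstance(claims.get("iss"), str):
        raise ValueError("token payload has no iss claim")
    return claims["iss"]


def introspect_url(token: str, okta_domain: str = OKTA_DOMAIN) -> str:
    """Return the introspection endpoint of the server that issued token."""
    iss = urlsplit(unverified_issuer(token))
    # Pin scheme and host: never send a token to a host the token names.
    if iss.scheme != "https" or iss.netloc.lower() != okta_domain.lower():
        raise ValueError("issuer is not the expected Okta org")
    segments = iss.path.strip("/").split("/")
    if segments == [""]:
        # Org authorization server: issuer is the bare org URL.
        return f"https://{okta_domain}/oauth2/v1/introspect"
    if len(segments) == 2 and segments[0] == "oauth2" and segments[1]:
        # Custom authorization server: issuer ends in /oauth2/<server id>.
        return f"https://{okta_domain}/oauth2/{segments[1]}/v1/introspect"
    raise ValueError("issuer path is not an Okta authorization server")


def sample_token(iss: str) -> str:
    """Constructed, unsigned JWT-shaped string for demonstration only."""
    def b64(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{b64({'alg': 'none'})}.{b64({'iss': iss})}.sig"


if __name__ == "__main__":
    for issuer in (f"https://{OKTA_DOMAIN}", f"https://{OKTA_DOMAIN}/oauth2/default"):
        print(issuer, "->", introspect_url(sample_token(issuer)))
```

The issuer read here is unverified and only selects the endpoint; the host is taken from configuration, so a token naming some other issuer is rejected instead of being sent there.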
