Introspect returns 403 Forbidden

Hi There,

Greetings!
Actually this morning I used the authorize endpoint to get a SPA token
https://dev-243304.okta.com/oauth2/ausd202ekYITQSbIx4x6/v1/authorize?client_id=0oackhenpmuDhtpV34x6&response_type=token&scope=openid&redirect_uri=https%3A%2F%2Fapp.getpostman.com%2Foauth2%2Fcallback&nonce=UBGW2&state=123

Then I sent a POST request in Postman to the introspect endpoint with the access token in the authentication header; the response status was 200. Everything was fine.

However, after a while, I tried again to get a new token and send it to the introspect endpoint, and every time the response status is 403 Forbidden. But the access token can be parsed by the jwt.io debugger correctly.

So that means the same operation only works the very first time. (Note: I also tried a different nonce and state, but the result is 403 Forbidden.)

Any idea about this?

Thanks & Regards,
Lyle

Hi @Lyle

Can you please clear the cookies that you have stored in Postman and try once again? The previous cookies might conflict with the request.

The cookies can be cleared from the Cookies section underneath the “Send” button on the top right side of the application.

Thanks dragos. It’s really related to cookies. After I cleared all cookies, inspection now works. Thank you very much.
