Introspection endpoint returning active as false

Hello There :
I am using the below authorize endpoint to retrieve an access token on my chrome browser<client_id>&response_type=token&scope=openid&redirect_uri=http%3A%2F%2Flocalhost%3A8080/implicit/callback&state=state-296bc9a0-a2a2-4a57-be1a-d0e2fd9bb601&nonce=foo’

This works fine and i am redirected to the login page . After i am successfully authenticated , i get redirected to the callback url with the token in the query parameters.
Then i want to introspect the token, which I do in PostMan using the below url …
and passing the token , client_id as x-www-form-urlencoded values in the POST request.
However i always get the value of active as “false” in the response .
Please can someone suggest what am I doing wrong here .

Thanks in advance.


I just tried it via these steps, and it worked for me:

  1. Got an access token for my client (I used to build the authorize endpoint request)
  2. Copied the token into Postman
  3. Configured Postman for “No Authorization” and added client_id to the Body (x-www-form-urlencoded)

I’d double check a few things:

  • Confirm that your Application type (in Okta) is configured as a Single-Page App (SPA). If you scroll down to Credentials, you should only see Client ID and no Client Secret field.
  • Double check that you did not copy any extra characters or whitespace with the token. Okta returns active: false for invalid input as a security precaution.
  • Make sure that you are not sending any extra Authorization header with the Postman request.
1 Like

That worked for me ! .

I think I must have been doing something wrong with copying the access token.

Thanks for your help



Hello Nate,
Now I am trying to revoke the access token by using the revoke endpoint which returns success.
But when I use the introspect and userInfo endpoints with the same access token , I still get a success with active = true and user profile details.
What could be the issue ?. Thanks in advance.