POST oath2/default/v1/introspect getting 404

I’m trying to introspect a token, but getting a 404 when POSTING to:

https://dev-845984.oktapreview.com/oath2/default/v1/introspect

I have the client_id and token in the body, as x-www-form-urlencoded.

Specifically, the request returns the html for the Okta 404 page.

Based on https://developer.okta.com/docs/api/resources/oidc/#introspect , this looks like the correct endpoint to me. Can someone assist?

The url should be:
https://dev-845984.oktapreview.com/oauth2/default/v1/introspect
instead of:
https://dev-845984.oktapreview.com/oath2/default/v1/introspect

Thank you. I can’t believe I missed that.

I’m now getting an ‘invalid_client’ and ‘No client credentials found’ error. I’ve tried including the client_id that I’ve copied from my SPA configuration in both the body as ‘client_id’ and the query params – neither seems to change it. Any ideas?

The post request should be similar:

https://dev-845984.oktapreview.com/oauth2/default/v1/introspect?client_id={yourClientId}&token={yourAccessToken}&token_type_hint=access_token

You can try using postman to see if it returns the correct response. It is working for my oktapreview client.

@Fei

https://navi-2020.okta.com/oauth2/default/v1/introspect?client_id=0oa57fbt3r5I638u94x6&token=eyJraWQiOiJDM3ExbXRzdFY4U0tUTjZTY09jRkFjeXNDckNKRDI0N1NtQkMtM2dGd1hzIiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULnE4ZWc1Vk1NMjZ1LWMxai1URFM1RGp4X0hwN1VXUS1sQXFfNkp3eTlFSG8iLCJpc3MiOiJodHRwczovL25hdmktMjAyMC5va3RhLmNvbS9vYXV0aDIvZGVmYXVsdCIsImF1ZCI6ImFwaTovL2RlZmF1bHQiLCJpYXQiOjE1ODYwOTQ2NzcsImV4cCI6MTU4NjA5ODI3NywiY2lkIjoiMG9hNTdmYnQzcjVJNjM4dTk0eDYiLCJ1aWQiOiIwMHU1NjV3djNFTkZFUTFRWTR4NiIsInNjcCI6WyJwcm9maWxlIiwib3BlbmlkIiwiZW1haWwiXSwic3ViIjoia3VtYXIuc2h1YmhhbUBuYXZpLmNvbSJ9.HAXhUsxsANRl_QsKU7A--9qP3KFJDSfk5eDFlfnAdVCZREmcI7OF465J0dFJJxbo2BCCLlwFSLdoK4glu7DEt2gIv9rLldN82m1WzdAH95f4BnXQOKCfn1apAVQyUpkNap_TrvxdW-id-QQWB2_nNso815f5eEO0GhUug3ZC5yIdwRQudjAw1oUQR0i1EVNBhROK_GHrnz7W25PVj_MPGfk8GfbCP7ZuBhK30-UjhvGx6O7Fg1w0vOjSYY1ta4WmQoGVYykNGB_ISvkSqBgCeh2_pjIY3BALjTXQOzEauAkyZjyft7lS70naAchVhsK3mfsxxnDq2VUx6zCY3KIDIQ&token_type_hint=access_token

error:
{
"errorCode": "E0000021",
"errorSummary": "Bad request. Accept and/or Content-Type headers likely do not match supported values.",
"errorLink": "E0000021",
"errorId": "oaeiKOMRfs7S3SFLEaMqZRdxg",
"errorCauses": []
}

The response is bad request 400. I am unable to find out why it is giving this kind of error. Please help.
Thank you

Hi @Shubham6541

The error occurs when Accept and Content-Type headers are not added or have an invalid value. Here is a small cURL example for using the introspect endpoint.

curl --location --request POST 'https://dragos.okta.com/oauth2/default/v1/introspect' \
--header 'Accept: application/json' \
--header 'Authorization: Basic MG9hN...' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'token=TOKEN'

Thanks. Here I was missing Content-type: …
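The request shape from the cURL answer above, as an added Python example that is not part of the original thread and not Okta's own code: it builds the introspection POST without sending it, rejects the misspelled `oath2` path behind the 404, sets the two headers behind E0000021, and accepts a response only when `active` is true. The function names, the path check and the handling of a secretless client are assumptions made for illustration.

```python
import base64
import json
import re
import urllib.parse
import urllib.request


def build_introspect_request(endpoint, token, client_id, client_secret=None):
    """Build (but do not send) a token introspection POST.

    endpoint is the full URL, e.g. https://{yourOktaDomain}/oauth2/default/v1/introspect
    """
    path = urllib.parse.urlsplit(endpoint).path
    # Assumed path shape: /oauth2/v1/introspect or /oauth2/{serverId}/v1/introspect.
    if not re.fullmatch(r"/oauth2/(?:[^/]+/)?v1/introspect", path):
        raise ValueError(f"unexpected introspection path: {path!r}")
    # The token travels in the form body, as in the cURL answer, not in the URL.
    form = {"token": token, "token_type_hint": "access_token"}
    headers = {
        "Accept": "application/json",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    if client_secret is None:
        # Client without a secret (e.g. a SPA): client_id is sent as a form field.
        form["client_id"] = client_id
    else:
        pair = f"{client_id}:{client_secret}".encode()
        headers["Authorization"] = "Basic " + base64.b64encode(pair).decode()
    return urllib.request.Request(
        endpoint,
        data=urllib.parse.urlencode(form).encode(),
        headers=headers,
        method="POST",
    )


def is_active(response_body):
    """Return True only when the JSON response carries "active": true."""
    try:
        doc = json.loads(response_body)
    except ValueError:
        return False  # not JSON, e.g. an HTML 404 page
    return isinstance(doc, dict) and doc.get("active") is True
```

Pass the returned object to `urllib.request.urlopen` to send it, then feed the response body to `is_active`.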