Verifying the access token using introspection end point

rishik · April 14, 2024, 3:26pm

I am trying to validate the access token provided by the okta through introspection endpoint but i am geetting error :Error validating token: Not found

const introspectionEndpoint = 'https://dev-qbxg70o7bq8w0agx.us.auth0.com/oauth2/default/v1/introspect';

    axios.post(introspectionEndpoint, 'accessToken', {
      params: { token: accessTokenString },
      auth: {
        client_id: my_client_id
        client_secret: my_secret_key
      }
    })
    .then(response => {
      const data = response.data;
      // If token is active, proceed to the next middleware or route handler
      if (data.active) {
        req.tokenInfo = data;
        next();
      } else {
        return res.status(401).json({ error: 'Invalid access token' });
      }
    })
    .catch(error => {
        console.error('Error validating token:', error.response?.data || error.message);
        return res.status(500).json({ error: 'Internal server error' });
      });

help me to sort it out.

andrea · April 16, 2024, 8:52pm

It looks like you’re mixing a CIC (fka Auth0) tenant with WIC/CIS (Okta) endpoints.

Based on some threads I can see in that community (where I recommend bringing any Auth0/CIC questions you have), it doesn’t look like Auth0 has a remote Introspection endpoint like Okta does: Validating an Access Token - #2 by Ale - Auth0 Community