Introspects the access token and refresh token.

  • An opaque token is validated using the this endpoint by passing the access token or refresh token via the token body parameter and returns a boolean that indicates whether it is active.
  • If the token is active, additional data about the token is also returned.
  • If the token is invalid, expired, or revoked, it is considered inactive.
  • Refer complete guide here.
  • See the OAuth2 spec