post https://example.com/OAuth2/Introspect
- An opaque token is validated using the this endpoint by passing the access token or refresh token via the token body parameter and returns a boolean that indicates whether it is active.
- If the token is active, additional data about the token is also returned.
- If the token is invalid, expired, or revoked, it is considered inactive.
- Refer complete guide here.
- See the OAuth2 spec https://oauth.net/2/