REST API for Oracle Identity Cloud Service

Validate the Token

post

/oauth2/v1/introspect

Request

Supported Media Types

application/x-www-form-urlencoded

Header Parameters

Authorization: string

Basic Authorization. Base64 encoding of client credentials

Root Schema : schema

Type: object

Show Source

token: string

Access Token

Example: eyJ4NXQiOiI4Wk5NMEFfNWFuSTc0dGp3Y3FWcWtMN3Z0Q2ciLCJraWQiOiJwcml2YWVrZXkxIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiI1YzA4NDcyMi03Njk3LTQ2NzgtOWVmNC01ZDMxYjg5MjgzYTMiLCJuYmYiOjE0NDA3NTk0MDgsInNjb3BlIjoiQUNNRUNhbmRpZGF0ZVByb2ZpbGVTZXJ2aWNlLnJlc3VtZXNfbW9udGhzIG9mZmxpbmVfYWNjZXNzIiwiaXNzIjoiaWRjcy5vcmFjbGUuY29tIiwiZXhwIjoxNDQwNzYzMDA4LCJpYXQiOjE0NDA3NTk0MDgsInRlbmFudCI6IlRFTkFOVDEiLCJqdGkiOiI0MGU2MjU1ZS1lOGVhLTQ5ZTYtYmVlYy03ZjgwMzdkZDM3YTAifQ.OyDEHQB_RHEaeHjKak7coN1w-wsJjH_1a0ehu8h7pKE7uGJLB6fWWHzCMfLk9eXNb_eUvuNNGB7sx7TlRKHFpw

{
    "type":"object",
    "properties":{
        "token":{
            "description":"Access Token",
            "type":"string",
            "example":"eyJ4NXQiOiI4Wk5NMEFfNWFuSTc0dGp3Y3FWcWtMN3Z0Q2ciLCJraWQiOiJwcml2YWVrZXkxIiwiYWxnIjoiUlMyNTYifQ.eyJzdWIiOiI1YzA4NDcyMi03Njk3LTQ2NzgtOWVmNC01ZDMxYjg5MjgzYTMiLCJuYmYiOjE0NDA3NTk0MDgsInNjb3BlIjoiQUNNRUNhbmRpZGF0ZVByb2ZpbGVTZXJ2aWNlLnJlc3VtZXNfbW9udGhzIG9mZmxpbmVfYWNjZXNzIiwiaXNzIjoiaWRjcy5vcmFjbGUuY29tIiwiZXhwIjoxNDQwNzYzMDA4LCJpYXQiOjE0NDA3NTk0MDgsInRlbmFudCI6IlRFTkFOVDEiLCJqdGkiOiI0MGU2MjU1ZS1lOGVhLTQ5ZTYtYmVlYy03ZjgwMzdkZDM3YTAifQ.OyDEHQB_RHEaeHjKak7coN1w-wsJjH_1a0ehu8h7pKE7uGJLB6fWWHzCMfLk9eXNb_eUvuNNGB7sx7TlRKHFpw"
        }
    },
    "required":[
        "token"
    ]
}

Response

Supported Media Types

application/json

200 Response

Access Token validated

Root Schema : introspect

Type: object

Validate the token

Show Source

active: string

Active status of the Access Token
exp: number

Expiry time of the Access Token
iat: number

Issue time of the Access Token
iss: string

Issuer of the Access Token
nbf: number

Not before in Access Token
preferred_username: string

Preferred User Name
prn: string

Principal of the Access Token
scope: string

Scope provided in the Access Token
token_type: string

Token type

{
    "description":"Validate the token",
    "type":"object",
    "properties":{
        "token_type":{
            "type":"string",
            "description":"Token type"
        },
        "iat":{
            "type":"number",
            "description":"Issue time of the Access Token"
        },
        "iss":{
            "type":"string",
            "description":"Issuer of the Access Token"
        },
        "nbf":{
            "type":"number",
            "description":"Not before in Access Token"
        },
        "exp":{
            "type":"number",
            "description":"Expiry time of the Access Token"
        },
        "scope":{
            "type":"string",
            "description":"Scope provided in the Access Token"
        },
        "prn":{
            "type":"string",
            "description":"Principal of the Access Token"
        },
        "active":{
            "type":"string",
            "description":"Active status of the Access Token"
        },
        "preferred_username":{
            "type":"string",
            "description":"Preferred User Name"
        }
    },
    "required":[
        "token_type",
        "iat",
        "iss",
        "nbf",
        "exp",
        "scope",
        "prn",
        "active",
        "preferred_username"
    ]
}

400 Response

Invalid request

Root Schema : error

Type: object

Error message that appears during Revoke Refresh Token

Show Source

error: string

Error values based on the OAuth specification
error_description: string

Detailed error messages

{
    "description":"Error message that appears during Revoke Refresh Token",
    "type":"object",
    "properties":{
        "error":{
            "type":"string",
            "description":"Error values based on the OAuth specification"
        },
        "error_description":{
            "type":"string",
            "description":"Detailed error messages"
        }
    },
    "required":[
        "error",
        "error_description"
    ]
}

401 Response

Invalid client

Root Schema : error

Type: object

Error message that appears during Revoke Refresh Token

Show Source

error: string

Error values based on the OAuth specification
error_description: string

Detailed error messages

{
    "description":"Error message that appears during Revoke Refresh Token",
    "type":"object",
    "properties":{
        "error":{
            "type":"string",
            "description":"Error values based on the OAuth specification"
        },
        "error_description":{
            "type":"string",
            "description":"Detailed error messages"
        }
    },
    "required":[
        "error",
        "error_description"
    ]
}

Examples

The following example shows how to validate tokens by submitting a POST request on the REST resource using cURL. For more information about cURL, see Use cURL. See the Authorization section for more information on grant types.

Example Request Using cURL

Note:

The command in this example uses the URL structure https://tenant-base-url/resource-path, where tenant-base-url represents the Identity Service URL, and the resource path represents the Identity Service API. See Send Requests for the appropriate URL structure to use.

The following shows an example cURL request to validate an access token.

curl -i
-H 'Authorization: Basic <base64Encoded clientid:secret>'
-H 'Accept: */*'
-H 'Cache-Control: no-cache, no-store, must-revalidate' 
-H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8'
--request POST https://tenant-base-url/oauth2/v1/introspect -d 'token=<token-value>'

Example of Response Body

The following example shows the contents of the response body in JSON format:

{
  "active": true,
  "scope": "get_approles address phone openid profile groups approles email get_groups",
  "client_id": "a5ff6626d76b4fce9c17ae7cbd34a73e",
  "token_type": "JWT",
  "exp": 1495695149,
  "iat": 1495691556,
  "sub": "user@oracle.com",
  "aud": [
    "https://tenant-base-url"
  ],
  "iss": "https://tenant-base-url",
  "jti": "4096b0dd-84fa-4c6b-a20c-9f77b64232cf",
  "tenant": "tenant1",
  "user_tz": "America/Chicago",
  "user_locale": "en",
  "user_displayname": "alice alice",
  "user_tenantname": "tenant1",
  "user.tenant.name": "tenant1",
  "sub_mappingattr": "userName",
  "client_tenantname": "tenant1",
  "user_lang": "en",
  "client_name": "playg"
}

Example Request Using cURL

The following shows an example cURL request to validate an identity token.

curl -i -k
-H 'Authorization: Basic <base64Encoded clientid:secret>'
-H 'Accept: */*'
-H 'Cache-Control: no-cache, no-store, must-revalidate'
-H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8'
--request POST 'https://tenant-base-url/oauth2/v1/introspect' -d 'token=<token value>'

Example of Response Body

The following example shows the contents of the response body in JSON format:

{
  "active": true,
  "token_type": "JWT",
  "exp": 1506390061,
  "iat": 1506362597,
  "sub": "admin@example.com",
  "aud": [
    "7660e835e37c41799bde537bd8529275",
    "https://identity.oraclecloud.com/"
  ],
  "iss": "https://identity.oraclecloud.com/",
  "jti": "d3b84f55-e4d6-4641-b4b5-49a872c9cf1e",
  "tenant": "tenant1",
  "user_tz": "America/Chicago",
  "user_locale": "en",
  "user_displayname": "admin opc",
  "user_tenantname": "tenant1",
  "sub_mappingattr": "userName",
  "user_lang": "en"
}