Tokens
Access Tokens
Refresh Tokens
- How to enable issuing of a refresh token
- Refresh tokens after being used
ID Tokens
Proof-of-Possession (PoP) Tokens
- Issuing mutual-TLS certificate-bound access tokens
- Using DPoP
Grant Type
Scopes
PKCE (RFC 7636)
- Requiring clients to use PKCE for their authorization requests
- Requiring clients to specify "S256" when using PKCE for their authorization requests
Client Management
Authorization Requests
User Authentication
- Using OAuth 2.0 for User Authentication
Error Handling
Client Authentication
Introspection
Userinfo Endpoint
- Access token verification in Userinfo API
JARM
- Enabling JARM
Device Flow (RFC 8628)
- Enabling “device flow”

Access token verification in Userinfo API

Authlete's /auth/userinfo/issue API does internally verify access token in a request from authorization server.

Thus authorization server doesn't have to make a request to Authlete's introspection API (/auth/introspection) in advance of using the Userinfo API.

How did we do with this article?

Authlete Knowledge Base

Access token verification in Userinfo API

Free Trial

Looking for something?

<img src="https://assets.timelapsehc.com/uploads/site/logo/313/standard_authlete-logo-image-white-with-transparent-bg-256.png?v=1696427161" alt="Standard authlete logo image white with transparent bg 256" /> Authlete Knowledge Base

Access token verification in Userinfo API

Free Trial

Looking for something?

Authlete Knowledge Base