- Access Tokens
- Refresh Tokens
- ID Tokens
- Client Management
- Authorization Endpoint
- Error Handling
- Client Authentication
- Userinfo Endpoint
- Introspection response for expired access token
- How to specify scopes to be checked
Introspection response for expired access token
Authlete's /auth/introspection API responds to requests with expired access token as follows:
- To the first request: The token has been expired. Authlete then removes the token from its database.
- To the second and subsequent requests: The token doesn't exist. Because the token has been removed at the first request.
How did we do with this article?