Getting Started
Deployment
OAuth and OpenID Connect
Operations
Authlete 2.0
Financial-grade API
Authlete Home
Documents
API Reference
Console Login
Free Trial

English
- English
- 日本語

Authlete Home
Documents
API Reference
Console Login
Free Trial

Authlete Knowledge Base

OAuth and OpenID Connect
Introspection

Tokens
Access Tokens
Refresh Tokens
- Refreshing a refresh token when the grant type is "refresh_token"
- How to enable issuing of a refresh token
ID Tokens
Grant Type
Scopes
PKCE (RFC 7636)
- Requiring clients to use PKCE for their authorization requests
- Requiring clients to specify "S256" when using PKCE for their authorization requests
Client Management
Authorization Endpoint
- Ticket Parameter in Authorization Endpoint
User Authentication
- Using OAuth 2.0 for User Authentication
Error Handling
Client Authentication
Userinfo Endpoint
- Access token verification in Userinfo API
Introspection
- Introspection response for expired access token
- How to specify scopes to be checked

Introspection response for expired access token

Authlete's /auth/introspection API responds to requests with expired access token as follows:

To the first request: The token has been expired. Authlete then removes the token from its database.
To the second and subsequent requests: The token doesn't exist. Because the token has been removed at the first request.

How did we do with this article?

Free Trial

Authlete is your OAuth 2.0 server & OpenID Connect provider on cloud / on premise.

Looking for something?

We'd love to hear your comments and questions.

Contact Support

Copyright ©︎ Authlete, Inc.