OAuth 2.0 Verify Endpoint
An App can use this OAuth 2.0 endpoint to verify that an access token is a valid token for the App.
GET /{tenant}/oauth2/v1/verify/
Verifying an access token
Request
Name | Values | Description | Required |
---|---|---|---|
access_token | The access token as a string | The access token to verify. | Yes |
GET /{tenant}/oauth2/v1/verify/?access_token=5686IDG8S78GS6R5
Response
If the access token is valid, the response is a JSON result containing the following information on the access token:
Name | Values | Description |
---|---|---|
audience | The client ID | The audience must match your App's Client ID. |
expires_in | A number | The number of seconds the access token is valid from the time this response is received. |
scope | A space-delimited set of scopes | The list of scopes that are returned can be different from the list of scopes your App asked for in the initial request. This can be the result of a user not granting the App access to certain scopes, or of the user's rights preventing the user from having the scopes. |
resource_owner_identity_verified | true | true if owner performed multi-factor authentication, false otherwise. |
authentication_strength | For the list of values, see Activate an Account Provider | The authentication strength of the Account Provider used for authentication. |
account_provider | account_provider_id | The id of the Account Provider instance used for authentication. |
account_provider | account_provider_type_id | The Account Provider type GUID used for authentication. |
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
{
  "audience": "79237937",
  "scope": "profile.read",
  "expires_in": 567,
  "resource_owner_identity_verified": true,
  "authentication_strength": 1,
  "account_provider": {
    "account_provider_id": 1447897878945,
    "account_provider_type_id": "439b8d57-cc9b-4d18-9837-68b0fef65058"
  }
}
If the access token is invalid, the response is the following result:
HTTP/1.1 200 OK
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
{
"error":"invalid_token"
}
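The checks an App should apply to the verify response before trusting a token, as an added example that is not part of the original documentation or the vendor's code. The names `check_verify_response` and `TokenRejected` are hypothetical, the response body is assumed to have been fetched already, and the sample bodies are constructed from the responses shown above.

```python
import json

class TokenRejected(Exception):
    """Raised when a verify response must not be trusted by this App."""

def check_verify_response(body, client_id, required_scopes=(), require_mfa=False):
    """Validate the JSON body returned by the verify endpoint.

    Returns the set of granted scopes, or raises TokenRejected.
    """
    try:
        info = json.loads(body)
    except ValueError as exc:
        raise TokenRejected("response is not JSON") from exc
    if not isinstance(info, dict):
        raise TokenRejected("unexpected response shape")
    # An invalid token is also answered with HTTP 200, so the status code
    # alone says nothing: the "error" member has to be checked.
    if "error" in info:
        raise TokenRejected(str(info["error"]))
    # The token must have been issued to this App, not to another client.
    if str(info.get("audience")) != str(client_id):
        raise TokenRejected("audience mismatch")
    expires_in = info.get("expires_in")
    if (isinstance(expires_in, bool) or not isinstance(expires_in, (int, float))
            or expires_in <= 0):
        raise TokenRejected("token expired or expires_in missing")
    # Granted scopes may be fewer than the App requested.
    scope = info.get("scope")
    granted = set(scope.split()) if isinstance(scope, str) else set()
    missing = set(required_scopes) - granted
    if missing:
        raise TokenRejected("missing scopes: " + " ".join(sorted(missing)))
    if require_mfa and info.get("resource_owner_identity_verified") is not True:
        raise TokenRejected("multi-factor authentication not performed")
    return granted

# Constructed sample bodies, modelled on the responses shown on this page.
VALID = ('{"audience": "79237937", "scope": "profile.read", '
         '"expires_in": 567, "resource_owner_identity_verified": true}')
INVALID = '{"error": "invalid_token"}'

if __name__ == "__main__":
    print(check_verify_response(VALID, "79237937", ["profile.read"], require_mfa=True))
    try:
        check_verify_response(INVALID, "79237937")
    except TokenRejected as exc:
        print("rejected:", exc)
```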