Token introspection
Token introspection is a protocol in OAuth 2.0 for querying an authorization server about the state and metadata of an access token. A resource server calls an introspection endpoint to determine whether a token is active and to obtain related information. This approach is useful for opaque tokens or when central checks are preferred over local validation.
The protocol is defined in RFC 7662. The resource server typically sends a request to the introspection endpoint using HTTP
Introspection supports centralized revocation and policy checks in multi-service architectures, such as API gateways and microservices.
Security considerations include protecting the introspection endpoint with TLS, authenticating callers, and applying least privilege. Rate
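The resource-server side of the exchange described above, as an added example that is not part of the original page: it builds an RFC 7662 introspection request and evaluates the JSON response, failing closed. The endpoint URL, the credentials, the use of HTTP Basic to authenticate the caller, and the scope and audience policy are assumptions chosen for illustration.

```python
import base64
import json
import time
import urllib.parse
import urllib.request


def build_introspection_request(endpoint, token, client_id, client_secret):
    """Build the RFC 7662 POST a resource server sends; nothing is sent here."""
    if urllib.parse.urlsplit(endpoint).scheme != "https":
        raise ValueError("introspection endpoint must use TLS (https)")
    body = urllib.parse.urlencode({"token": token, "token_type_hint": "access_token"})
    # Assumption: the caller authenticates with HTTP Basic client credentials.
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Content-Type": "application/x-www-form-urlencoded",
               "Accept": "application/json", "Authorization": f"Basic {creds}"}
    return urllib.request.Request(endpoint, data=body.encode(), method="POST", headers=headers)


def token_is_acceptable(response_body, required_scope, expected_audience, now=None):
    """Accept only an active, unexpired token with the required scope and audience."""
    now = time.time() if now is None else now
    try:
        claims = json.loads(response_body)
    except (TypeError, ValueError):
        return False  # unparseable response: deny
    if not isinstance(claims, dict) or claims.get("active") is not True:
        return False  # "active" must be the JSON boolean true, not a truthy string
    exp = claims.get("exp")
    if exp is not None and (not isinstance(exp, (int, float)) or exp <= now):
        return False
    scope = claims.get("scope")
    scopes = scope.split() if isinstance(scope, str) else []
    if required_scope not in scopes:
        return False
    aud = claims.get("aud")  # may be a single string or a list of strings
    audiences = [aud] if isinstance(aud, str) else aud if isinstance(aud, list) else []
    return expected_audience in audiences


# Constructed sample responses (not captured from any real server).
ACTIVE = '{"active": true, "scope": "read write", "aud": "https://api.example.test", "exp": 2000000000}'
INACTIVE = '{"active": false}'
```

An inactive response carries no reason, so the resource server treats expired, revoked and unknown tokens identically.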