4

I am using IdentityServer4 for a proof of concept project. I have implemented the identity server and I can receive an access token when I authenticate successfully.

For authentication, I use the following endpoint:

http://identity-vm-01/connect/token

and the details I post are: [image]

Now, I would like to check if the token that I receive is valid. For that I am using the following endpoint.

http://identity-vm-01/connect/introspect

with a basic auth header using the client_id and client_secret as shown above, and pass the token in the body.

But I receive an Unauthorized error (401). It would be great if someone could tell me what it is that I am doing wrong.

Thank you

Libin Joseph

1 Answer

2

You need to define a scope secret for api1 (on the Scope class) and use the scope name and secret as client_id/secret.

Clients for the introspection endpoint are not really clients in the OAuth 2 sense - they are APIs.

leastprivilege
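The request the answer describes, as an added example that is not part of the original answer or of IdentityServer's own code: it builds an RFC 7662 introspection call whose Basic credentials are the API's scope name and scope secret, and separates a 401 (caller rejected) from an inactive token. The helper names, the secret and the token are constructed placeholders; `api1` and the endpoint URL come from the thread.

```python
import base64
import json
from urllib.parse import quote_plus, urlencode
from urllib.request import Request

INTROSPECT_URL = "http://identity-vm-01/connect/introspect"  # endpoint from the question


def build_introspection_request(api_name, api_secret, token, url=INTROSPECT_URL):
    """Build (without sending) an RFC 7662 introspection request.

    The Basic credentials identify the API (scope name + scope secret),
    not the OAuth client that obtained the token.
    """
    # RFC 6749 section 2.3.1: form-encode each part before base64 encoding.
    pair = f"{quote_plus(api_name)}:{quote_plus(api_secret)}"
    basic = base64.b64encode(pair.encode("utf-8")).decode("ascii")
    body = urlencode({"token": token}).encode("ascii")
    return Request(url, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
        "Accept": "application/json",
    })


def interpret_introspection(status, body_text):
    """Separate 'caller not authenticated' from 'token not valid'."""
    if status == 401:
        # The endpoint rejected the Basic credentials; the token was never examined.
        return "caller-rejected"
    if status != 200:
        return "error"
    try:
        claims = json.loads(body_text)
    except ValueError:
        return "error"
    # RFC 7662: "active" is the only required member; anything else is inactive.
    ok = isinstance(claims, dict) and claims.get("active") is True
    return "active" if ok else "inactive"


if __name__ == "__main__":
    # Constructed sample values: the secret and token are placeholders.
    req = build_introspection_request("api1", "scope-secret-placeholder", "eyJ.sample.token")
    print(req.get_method(), req.full_url)
    print(req.get_header("Authorization"))
    print(req.data.decode())
```
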