<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview

%%information
Is this the same as the [Introspection_endpoint] from [OAuth 2.0 Token Introspection] ?
%%

[{$pagename}] is an [Endpoint] when receiving a [Requesting Party Token]  with the &quot;Bearer&quot; scheme in the [Authorization Header] from a [OAuth Client] making an access attempt, the [Resource Server] introspects the [Requesting Party Token] by using the [{$pagename}] of the [Protection API]. The [Protection API Token] used by the [Resource Server] to make the introspects request which provides the [Resource Owner] context to the [Authorization Server].

The [Authorization Server] responds with a [JSON] object with the structure dictated by [OAuth 2.0 Token Introspection]. If the &quot;active&quot; property has a Boolean value of true, then the [JSON] object MUST NOT contain a &quot;scope&quot; claim, and MUST contain an extension property with the name &quot;permissions&quot; that contains an array of zero or more values, each of which is an object consisting of these properties:

%%zebra-table
%%sortable
%%table-filter
||[Permission]||REQUIRED||Description
|resource_set_id|REQUIRED|A string that uniquely identifies the [Resource Set], access to which has been granted to this client on behalf of this [Requesting Party]. The identifier MUST correspond to a [Resource Set] that was previously registered as protected.
|scopes|REQUIRED|An array referencing one or more [URI]s of scopes to which access was granted for this [Resource Set]. Each scope MUST correspond to a scope that was registered by this resource server for the referenced [Resource Set].
|exp|OPTIONAL|Integer timestamp, [Unix Time], indicating when this [Permission] will expire. If the property is absent, the [Permission] does not expire. If the token-level &quot;exp&quot; value pre-dates a permission-level &quot;exp&quot; value, the former overrides the latter.
|iat|OPTIONAL|Integer timestamp,[Unix Time], indicating when this [Permission] was originally issued. If the token-level &quot;iat&quot; value post-dates a permission-level &quot;iat&quot; value, the former overrides the latter.
|nbf|OPTIONAL|Integer timestamp, [Unix Time], indicating the time before which this [Permission] is not valid. If the token-level &quot;nbf&quot; value post-dates a permission-level &quot;nbf&quot; value, the former overrides the latter.
/%
/%
/%
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
</pre>