Token introspection
APIs that are called with an OAuth access token need to verify that the token is valid. A dedicated endpoint conforming to RFC 7662 is provided for this purpose:
POST /introspect
The caller must authenticate using HTTP Basic authentication with LDAP credentials, and the role oauth_introspect must be granted to the caller. The following parameter must be given (Content-Type: application/x-www-form-urlencoded):
Parameter name | Parameter value | Mandatory | Description |
---|---|---|---|
token | Access token | Yes | Plain text access token representing User session. |
Upon successful server-side verification, the following JSON structure is returned:
{
  "active": true,
  "exp": 1510910796,
  "sub": "ionos:iam:hosting::users/abcdabcd-abcd-abcd-abcd-abcdabcdabcd",
  "market": "DE",
  "scope": "openid address",
  "client_id": "webapp.example.com"
}
"sub" is a URN conforming to our OpenID convention, and "market" is one of DE, GB, FR, US, ES, CA, IT, MX.
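The following is an added example, not code from this documentation or its provider: a sketch of how a resource server could build the POST /introspect call and decide, failing closed, whether to accept the token from the response. The function names, base URL and credentials are hypothetical, and the checks assume "scope" is a space-separated list and that a rejected token yields "active": false, as RFC 7662 specifies.

```python
import base64
import time
import urllib.parse
import urllib.request

MARKETS = {"DE", "GB", "FR", "US", "ES", "CA", "IT", "MX"}  # values listed on this page


def build_introspect_request(base_url, ldap_user, ldap_password, access_token):
    """Build (but do not send) the POST /introspect request described above."""
    # urlencode percent-escapes '+', '/' and '=' so the token survives form decoding.
    body = urllib.parse.urlencode({"token": access_token}).encode("ascii")
    creds = base64.b64encode(f"{ldap_user}:{ldap_password}".encode("utf-8")).decode("ascii")
    return urllib.request.Request(
        base_url.rstrip("/") + "/introspect",
        data=body,
        method="POST",
        headers={
            "Authorization": "Basic " + creds,
            "Content-Type": "application/x-www-form-urlencoded",
        },
    )


def check_introspection(resp, required_scope, now=None):
    """Return (accepted, reason). Anything missing or malformed is a rejection."""
    now = time.time() if now is None else now
    # Only the JSON boolean true counts; "true" as a string or a missing key does not.
    if not isinstance(resp, dict) or resp.get("active") is not True:
        return False, "token not active"
    exp = resp.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, int) or exp <= now:
        return False, "token expired or exp missing"
    # Match whole scope values, not substrings ("address" must not match "address2").
    if required_scope not in str(resp.get("scope", "")).split():
        return False, "required scope not granted"
    if resp.get("market") not in MARKETS:
        return False, "unknown market"
    if not isinstance(resp.get("sub"), str) or not resp["sub"]:
        return False, "subject missing"
    return True, "ok"
```

Send the request over HTTPS only, since it carries both the LDAP credentials and the access token, and treat any non-200 status or unparsable body as a rejection.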