Hi Everyone
Is there any API available with Auth0 which I can invoke with my client credentials (access token) to see if the access token is still valid, i.e. not expired or revoked?
Regards,
Irfan Azam
Hi @irfan.azam,
Welcome to the Auth0 Community!
Access tokens in the context of Auth0 cannot be revoked. You can validate the token without the need to make a request to Auth0; that is an important part of stateless access tokens. There is no endpoint with the sole purpose of validating tokens. Tokens intended for the /userinfo endpoint can be sent there to return user information, and therefore be validated.
If you share the framework/language you are using I can point you toward some information about how to verify tokens with that resource.
Dan,
Thanks for the reply. We do verify the access token at the backend services, as mentioned in the Auth0 documentation, and return 401 if the verification fails. We do have a concept of clients/SDKs where we cache the token and only want to get a new one if the token is expired or revoked. We cannot verify the access tokens as we verify on the backend. Like you mentioned, access tokens cannot be revoked, so we are good on that. For expiration I am already looking at the expires_in field. Since tokens cannot be revoked, checking for the expires_in field should be good enough.
Regards,
Irfan
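The client-side caching discussed in this thread, as an added example that is not part of the original posts and is not Auth0 SDK code: a cache that renews the token from `expires_in` with a safety margin and drops it when the backend answers 401. `CachedToken`, `fetch`, `skew` and `invalidate` are hypothetical names; `fetch` is assumed to perform the client-credentials request and return the parsed JSON response.

```python
import threading
import time


class CachedToken:
    """Caches a client-credentials access token and renews it near expiry."""

    def __init__(self, fetch, skew=60, clock=time.monotonic):
        self._fetch = fetch    # hypothetical callable returning the token response dict
        self._skew = skew      # renew this many seconds before nominal expiry
        self._clock = clock    # injectable so the expiry logic can be tested
        self._lock = threading.Lock()
        self._token = None
        self._deadline = 0.0

    def get(self):
        """Return the cached token, fetching a new one only when it is due."""
        with self._lock:
            if self._token is None or self._clock() >= self._deadline:
                self._renew()
            return self._token

    def invalidate(self, rejected):
        """Call after a 401; drops the cache only if it still holds that token."""
        with self._lock:
            if self._token == rejected:
                self._token = None

    def _renew(self):
        requested_at = self._clock()  # measure from before the request, so we err early
        resp = self._fetch()
        token = resp.get("access_token")
        expires_in = resp.get("expires_in")
        if not isinstance(token, str) or not token:
            raise ValueError("token response has no access_token")
        if (isinstance(expires_in, bool)
                or not isinstance(expires_in, (int, float)) or expires_in <= 0):
            raise ValueError("token response has no usable expires_in")
        self._token = token
        # Keep the margin from pushing the deadline into the past for short-lived tokens.
        self._deadline = requested_at + max(expires_in - self._skew, expires_in / 2)
```

Passing the rejected token to `invalidate` keeps a late 401 for an old token from discarding a token another thread has already renewed.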