Validating an Access Token

Hi team

I want to validate access token from the gateway. Which service should I hit in Auth0 to do so?

I am looking for something equivalent of introspection end point provided by okta

https://developer.okta.com/docs/reference/api/oidc/#introspect

Welcome to the Auth0 Community, @gsinha!

We don’t have an equivalent endpoint to the /introspect endpoint from Okta. You would have two options: either use the token and see if it’s valid or inspect it using a library of your choice (you can grab one from JSON Web Token Libraries - jwt.io for example)

I recommend you to read Validate Access Tokens to learn more about this topic.

If you would like to see a similar endpoint or any other feature supported, I suggest you send your feedback explaining your use case and giving as many details as possible so we all can understand your requirements.

I hope this helps.

1 Like

A quick follow on question

  1. Can you elaborate on “either use the token and see if it’s valid”.
    → What I understood is you are suggesting is I should call some service like “/userInfoendpoint” using access token and if it goes through ,my access token is valid. Is that what you mean to say?

  2. What is the recommended approach - > using JWT library or going back to Auth0 for validation?

Yes. That’s one example. Calling the /userinfo endpoint with the Access Token. This leads me to your next question below.

I would “always” say JWT library. My question here is: why are you trying to validate the Access Token before actually using/sending it? Could you please describe your use case as detailed as possible? To me, trying to validate the Access Token before actually using the Access Token does not make much sense. i.e. it is the responsibility of the API/backend to accept or reject the Access Token. Why don’t you want to just send/use it?

2 Likes