---
descriptions:
  workos_connect_introspection:
    token: |
      The token (an access token or refresh token) to return information for.
    token_type_hint: >
      An optional hint for the type of token provided. This can be either
      `"access_token"` or `"refresh_token"`.
  workos_connect_introspection_response:
    active: |
      Whether the token is valid (e.g. exists and is not expired).
    iss: |
      The issuer of the token. Your AuthKit domain.
    sub: >
      The user ID for the OAuth app access token or refresh token. For an M2M
      app, this is the Application’s client ID.
    sid: >
      Identifies the consent previously given by the user. Only present for
      OAuth Application access tokens.
    org_id: >
      For an [OAuth](/authkit/connect/oauth/organization-access) token, this is
      the ID of the [Organization](/reference/organization) the user selected during
      sign-in or on the third-party application authorization screen.


      For an [M2M](/authkit/connect/m2m/organization-based-access-control)
      token, this is the ID of the owning Organization.
    jti: >
      A unique identifier for the token. Only present for OAuth Application
      access tokens.
    token_type: |
      Either `"access_token"` or `"refresh_token"`.
    exp: >
      The token should not be trusted after this time. The timestamp is the
      number of seconds since epoch. Only returned for access tokens.
    iat: >
      The token was issued at this time. The timestamp is the number of seconds
      since epoch.
reference:
  curl:
    - url: /reference/workos-connect/introspection
      key: workos_connect_introspection
      id: workos_connect_introspection
      title: /oauth2/token
      type: POST
      parameters:
        - key: client_id
          type: string
          description: (workos_connect_token_request.client_id)
        - key: client_secret
          type: string
          description: (workos_connect_token_request.client_secret)
        - key: token
          type: string
          description: (workos_connect_introspection.token)
        - key: token_type_hint
          type: '"access_token" | "refresh_token"'
          optional: true
          description: (workos_connect_introspection.token_type_hint)
      returns:
        - key: anonymous
          type: object
          unwrap: true
          properties:
            - key: active
              type: boolean
              description: (workos_connect_introspection_response.active)
            - key: token_type
              type: '"access_token" | "refresh_token"'
              description: (workos_connect_introspection_response.token_type)
            - key: client_id
              type: string
              description: (workos_connect_token_request.client_id)
            - key: iss
              type: string
              description: (workos_connect_introspection_response.iss)
            - key: sub
              type: string
              description: (workos_connect_introspection_response.sub)
            - key: iat
              type: integer
              description: (workos_connect_introspection_response.iat)
            - key: sid
              type: string
              optional: true
              description: (workos_connect_introspection_response.sid)
            - key: jti
              type: string
              optional: true
              description: (workos_connect_introspection_response.jti)
            - key: org_id
              type: string
              optional: true
              description: (workos_connect_introspection_response.org_id)
            - key: exp
              type: integer
              optional: true
              description: (workos_connect_introspection_response.exp)
originalPath: >-
  .tmp-workos-clone/packages/docs/content/reference/workos-connect/introspection/index.mdx
---

# Token introspection

Indicates whether the given token (access token or refresh token) is valid and active. Additionally, it provides details about the token.

This endpoint is authenticated by providing the WorkOS Application’s client ID and client secret in the body of the request.

<CodeBlock referenceId="workos_connect_introspection">
  <CodeBlockTab title="Request" file="workos-connect-introspection-request" />
  <CodeBlockTab
    title="Access token"
    file="workos-connect-introspection-response-access-token"
  />
  <CodeBlockTab
    title="Access token (M2M)"
    file="workos-connect-introspection-response-access-token-m2m"
  />
  <CodeBlockTab
    title="Refresh token"
    file="workos-connect-introspection-response-refresh-token"
  />
  <CodeBlockTab
    title="Invalid"
    file="workos-connect-introspection-response-invalid-token"
  />
</CodeBlock>
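
A resource server that relies on this response should check more than `active`, since the endpoint also reports valid refresh tokens as active. The Python below is an added example, not WorkOS code: the function name, reason strings, issuer URL and sample IDs are assumptions constructed for illustration, and rejecting an access token that lacks `exp` is a policy choice of this example.

```python
import time

def check_introspection(resp, expected_iss, required_org_id=None, now=None):
    """Decide whether a parsed introspection response authorizes an API call.

    Returns (ok, reason). Fails closed on any missing or unexpected field.
    """
    now = int(time.time()) if now is None else now
    # `active` must be the JSON boolean true, not merely truthy.
    if resp.get("active") is not True:
        return False, "inactive"
    # Refresh tokens also introspect as active; an API must not accept them.
    if resp.get("token_type") != "access_token":
        return False, "not_access_token"
    if resp.get("iss") != expected_iss:
        return False, "wrong_issuer"
    # exp and iat are seconds since epoch. Policy choice of this example:
    # an access token without an integer exp is rejected.
    exp, iat = resp.get("exp"), resp.get("iat")
    if type(exp) is not int or now >= exp:
        return False, "expired"
    if type(iat) is not int or iat > now:
        return False, "issued_in_future"
    if not resp.get("sub"):
        return False, "no_subject"
    # Tenant isolation: org_id is optional in the response, so require an
    # exact match whenever the caller scopes the request to an organization.
    if required_org_id is not None and resp.get("org_id") != required_org_id:
        return False, "wrong_org"
    return True, "ok"

# Constructed sample responses (placeholder values, not real WorkOS output).
ISS = "https://auth.example.test"
ACCESS = {"active": True, "token_type": "access_token", "client_id": "client_example",
          "iss": ISS, "sub": "user_example", "sid": "sid_example", "jti": "jti_example",
          "org_id": "org_example", "iat": 1_700_000_000, "exp": 1_700_000_300}
M2M = {"active": True, "token_type": "access_token", "client_id": "client_example",
       "iss": ISS, "sub": "client_example", "org_id": "org_example",
       "iat": 1_700_000_000, "exp": 1_700_000_300}
REFRESH = {"active": True, "token_type": "refresh_token", "client_id": "client_example",
           "iss": ISS, "sub": "user_example", "iat": 1_700_000_000}
INVALID = {"active": False}
```

Pass a fixed `now` to make the decision reproducible in tests; in production leave it unset so the current time is used.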
