Glossary

Token introspection

Token introspection asks the authorization server whether a token is active and returns its scopes and expiry. Use it when you must honour a revocation immediately.

Definition

Introspection (RFC 7662) is a server call that returns active: true/false for a token plus its metadata. Unlike local JWKS verification, it sees revocations before natural expiry — at the cost of a round trip per check.

In plain terms

Asking the server, live, whether a token is still good.

Why it matters here

Reach for it on sensitive paths where instant revocation matters. See the introspection endpoint.
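
The check described above, as an added example that is not part of the original page: it builds the RFC 7662 request body and decides from the response whether to serve a request, denying on anything other than a well-formed active: true. The function names, scope names and sample responses are assumptions constructed for illustration.

```python
import json
import time
from typing import Optional
from urllib.parse import urlencode


def build_introspection_body(token: str) -> str:
    """Form-encoded POST body for an RFC 7662 introspection request.

    The caller must also authenticate itself to the endpoint; that part
    depends on the deployment and is left out here.
    """
    return urlencode({"token": token, "token_type_hint": "access_token"})


def is_token_usable(response_body: str, required_scope: str,
                    now: Optional[float] = None) -> bool:
    """Decide from an introspection response whether to serve the request.

    Fails closed: anything other than a well-formed response with
    active == True, an unexpired exp and the required scope is a denial.
    """
    now = time.time() if now is None else now
    try:
        claims = json.loads(response_body)
    except (TypeError, ValueError):
        return False  # malformed or missing body: deny
    if not isinstance(claims, dict) or claims.get("active") is not True:
        return False  # revoked, expired or unknown tokens come back inactive
    exp = claims.get("exp")
    if exp is not None:
        if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
            return False  # defence in depth if a cached response is reused
    scope = claims.get("scope", "")
    granted = scope.split() if isinstance(scope, str) else []
    return required_scope in granted


# Constructed sample responses (not captured from a real server).
# The scope names are hypothetical.
NOW = 1_700_000_000
ACTIVE = '{"active": true, "scope": "payments:read payments:write", "exp": 1700000300}'
REVOKED = '{"active": false}'
STRING_ACTIVE = '{"active": "true", "scope": "payments:read"}'

if __name__ == "__main__":
    for name, body in [("active", ACTIVE), ("revoked", REVOKED), ("string", STRING_ACTIVE)]:
        print(name, is_token_usable(body, "payments:read", now=NOW))
```

The string "true" case is denied on purpose: a truthiness check such as `if claims["active"]:` would accept it.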
