const stytch = require('stytch');
const client = new stytch.B2BClient({
project_id: '${projectId}',
secret: '${secret}',
custom_base_url: '${projectDomain}',
});
const params = {
token: 'eyJ...',
client_id: '${exampleConnectedAppClientID}',
client_secret: '${exampleConnectedAppClientSecret}',
token_type_hint: 'access_token',
};
const options = {
authorization_check: {
organization_id: '${organizationId}',
resource_id: 'documents',
action: 'create',
},
};
client.idp
.introspectTokenNetwork(params, options)
.then((resp) => {
console.log(resp);
})
.catch((err) => {
console.log(err);
});
package main
import (
"context"
"log"
"github.com/stytchauth/stytch-go/v16/stytch/b2b/b2bstytchapi"
"github.com/stytchauth/stytch-go/v16/stytch/b2b/idp"
)
func main() {
client, err := b2bstytchapi.NewClient(
"${projectId}",
"${secret}",
b2bstytchapi.WithBaseURI("${projectDomain}"),
)
if err != nil {
log.Fatalf("error instantiating client: %v", err)
}
_, err = client.IDP.IntrospectTokenNetwork(context.Background(), &idp.IntrospectTokenNetworkParams{
Token: "eyJ...",
ClientID: "${exampleConnectedAppClientID}",
ClientSecret: "${exampleConnectedAppClientSecret}",
})
if err != nil {
log.Fatalf("error in method call: %v", err)
}
}
from stytch import B2BClient
from stytch.b2b.models.sessions import AuthorizationCheck
client = B2BClient(
project_id="${projectId}",
secret="${secret}",
custom_base_url="${projectDomain}",
)
resp = client.idp.introspect_token_network(
token="eyJ...",
client_id="${exampleConnectedAppClientID}",
client_secret="${exampleConnectedAppClientSecret}",
token_type_hint="access_token",
authorization_check=AuthorizationCheck(
organization_id='${organizationId}',
resource_id='documents',
action='create'
),
)
print(resp)
require 'stytch'
client = StytchB2B::Client.new(
project_id: '${projectId}',
secret: '${secret}',
custom_base_url: '${projectDomain}',
)
resp = client.idp.introspect_token_network(
token="eyJ...",
)
print(resp)
curl --request POST \
--url https://${projectDomain}/v1/oauth2/introspect \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id=${exampleConnectedAppClientID} \
&client_secret=${exampleConnectedAppClientSecret} \
&token=eyJ...'
{
"active": true,
"aud": ["PROJECT_ID"],
"client_id": "connected-app-test-d731954d-dab3-4a2b-bdee-07f3ad1be888",
"exp": 1738848103,
"iat": 1738844503,
"iss": "https://${projectDomain}",
"scope": "openid email profile",
"sub": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
"token_type": "access_token",
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"status_code": 200
}
{
"active": false,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"status_code": 200
}
{
"status_code": 404,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "idp_client_not_found",
"error_message": "The IDP client requested could not be found.",
"error_url": "https://stytch.com/docs/api/errors/404"
}
{
"status_code": 429,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "too_many_requests",
"error_message": "Too many requests have been made.",
"error_url": "https://stytch.com/docs/api/errors/429"
}
{
"status_code": 500,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "internal_server_error",
"error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
"error_url": "https://stytch.com/docs/api/errors/500"
}
const stytch = require('stytch');
const client = new stytch.B2BClient({
project_id: '${projectId}',
secret: '${secret}',
custom_base_url: '${projectDomain}',
});
const params = {
token: 'eyJ...',
client_id: '${exampleConnectedAppClientID}',
client_secret: '${exampleConnectedAppClientSecret}',
token_type_hint: 'access_token',
};
const options = {
authorization_check: {
organization_id: '${organizationId}',
resource_id: 'documents',
action: 'create',
},
};
client.idp
.introspectTokenNetwork(params, options)
.then((resp) => {
console.log(resp);
})
.catch((err) => {
console.log(err);
});
package main
import (
"context"
"log"
"github.com/stytchauth/stytch-go/v16/stytch/b2b/b2bstytchapi"
"github.com/stytchauth/stytch-go/v16/stytch/b2b/idp"
)
func main() {
client, err := b2bstytchapi.NewClient(
"${projectId}",
"${secret}",
b2bstytchapi.WithBaseURI("${projectDomain}"),
)
if err != nil {
log.Fatalf("error instantiating client: %v", err)
}
_, err = client.IDP.IntrospectTokenNetwork(context.Background(), &idp.IntrospectTokenNetworkParams{
Token: "eyJ...",
ClientID: "${exampleConnectedAppClientID}",
ClientSecret: "${exampleConnectedAppClientSecret}",
})
if err != nil {
log.Fatalf("error in method call: %v", err)
}
}
from stytch import B2BClient
from stytch.b2b.models.sessions import AuthorizationCheck
client = B2BClient(
project_id="${projectId}",
secret="${secret}",
custom_base_url="${projectDomain}",
)
resp = client.idp.introspect_token_network(
token="eyJ...",
client_id="${exampleConnectedAppClientID}",
client_secret="${exampleConnectedAppClientSecret}",
token_type_hint="access_token",
authorization_check=AuthorizationCheck(
organization_id='${organizationId}',
resource_id='documents',
action='create'
),
)
print(resp)
require 'stytch'
client = StytchB2B::Client.new(
project_id: '${projectId}',
secret: '${secret}',
custom_base_url: '${projectDomain}',
)
resp = client.idp.introspect_token_network(
token="eyJ...",
)
print(resp)
curl --request POST \
--url https://${projectDomain}/v1/oauth2/introspect \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id=${exampleConnectedAppClientID} \
&client_secret=${exampleConnectedAppClientSecret} \
&token=eyJ...'
{
"active": true,
"aud": ["PROJECT_ID"],
"client_id": "connected-app-test-d731954d-dab3-4a2b-bdee-07f3ad1be888",
"exp": 1738848103,
"iat": 1738844503,
"iss": "https://${projectDomain}",
"scope": "openid email profile",
"sub": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
"token_type": "access_token",
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"status_code": 200
}
{
"active": false,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"status_code": 200
}
{
"status_code": 404,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "idp_client_not_found",
"error_message": "The IDP client requested could not be found.",
"error_url": "https://stytch.com/docs/api/errors/404"
}
{
"status_code": 429,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "too_many_requests",
"error_message": "Too many requests have been made.",
"error_url": "https://stytch.com/docs/api/errors/429"
}
{
"status_code": 500,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "internal_server_error",
"error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
"error_url": "https://stytch.com/docs/api/errors/500"
}
Methods
Introspect Token
Examine and introspect a token for a Connected Apps client.
const stytch = require('stytch');
const client = new stytch.B2BClient({
project_id: '${projectId}',
secret: '${secret}',
custom_base_url: '${projectDomain}',
});
const params = {
token: 'eyJ...',
client_id: '${exampleConnectedAppClientID}',
client_secret: '${exampleConnectedAppClientSecret}',
token_type_hint: 'access_token',
};
const options = {
authorization_check: {
organization_id: '${organizationId}',
resource_id: 'documents',
action: 'create',
},
};
client.idp
.introspectTokenNetwork(params, options)
.then((resp) => {
console.log(resp);
})
.catch((err) => {
console.log(err);
});
package main
import (
"context"
"log"
"github.com/stytchauth/stytch-go/v16/stytch/b2b/b2bstytchapi"
"github.com/stytchauth/stytch-go/v16/stytch/b2b/idp"
)
func main() {
client, err := b2bstytchapi.NewClient(
"${projectId}",
"${secret}",
b2bstytchapi.WithBaseURI("${projectDomain}"),
)
if err != nil {
log.Fatalf("error instantiating client: %v", err)
}
_, err = client.IDP.IntrospectTokenNetwork(context.Background(), &idp.IntrospectTokenNetworkParams{
Token: "eyJ...",
ClientID: "${exampleConnectedAppClientID}",
ClientSecret: "${exampleConnectedAppClientSecret}",
})
if err != nil {
log.Fatalf("error in method call: %v", err)
}
}
from stytch import B2BClient
from stytch.b2b.models.sessions import AuthorizationCheck
client = B2BClient(
project_id="${projectId}",
secret="${secret}",
custom_base_url="${projectDomain}",
)
resp = client.idp.introspect_token_network(
token="eyJ...",
client_id="${exampleConnectedAppClientID}",
client_secret="${exampleConnectedAppClientSecret}",
token_type_hint="access_token",
authorization_check=AuthorizationCheck(
organization_id='${organizationId}',
resource_id='documents',
action='create'
),
)
print(resp)
require 'stytch'
client = StytchB2B::Client.new(
project_id: '${projectId}',
secret: '${secret}',
custom_base_url: '${projectDomain}',
)
resp = client.idp.introspect_token_network(
token="eyJ...",
)
print(resp)
curl --request POST \
--url https://${projectDomain}/v1/oauth2/introspect \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id=${exampleConnectedAppClientID} \
&client_secret=${exampleConnectedAppClientSecret} \
&token=eyJ...'
{
"active": true,
"aud": ["PROJECT_ID"],
"client_id": "connected-app-test-d731954d-dab3-4a2b-bdee-07f3ad1be888",
"exp": 1738848103,
"iat": 1738844503,
"iss": "https://${projectDomain}",
"scope": "openid email profile",
"sub": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
"token_type": "access_token",
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"status_code": 200
}
{
"active": false,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"status_code": 200
}
{
"status_code": 404,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "idp_client_not_found",
"error_message": "The IDP client requested could not be found.",
"error_url": "https://stytch.com/docs/api/errors/404"
}
{
"status_code": 429,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "too_many_requests",
"error_message": "Too many requests have been made.",
"error_url": "https://stytch.com/docs/api/errors/429"
}
{
"status_code": 500,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "internal_server_error",
"error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
"error_url": "https://stytch.com/docs/api/errors/500"
}
POST
/
v1
/
oauth2
/
introspect
const stytch = require('stytch');
const client = new stytch.B2BClient({
project_id: '${projectId}',
secret: '${secret}',
custom_base_url: '${projectDomain}',
});
const params = {
token: 'eyJ...',
client_id: '${exampleConnectedAppClientID}',
client_secret: '${exampleConnectedAppClientSecret}',
token_type_hint: 'access_token',
};
const options = {
authorization_check: {
organization_id: '${organizationId}',
resource_id: 'documents',
action: 'create',
},
};
client.idp
.introspectTokenNetwork(params, options)
.then((resp) => {
console.log(resp);
})
.catch((err) => {
console.log(err);
});
package main
import (
"context"
"log"
"github.com/stytchauth/stytch-go/v16/stytch/b2b/b2bstytchapi"
"github.com/stytchauth/stytch-go/v16/stytch/b2b/idp"
)
func main() {
client, err := b2bstytchapi.NewClient(
"${projectId}",
"${secret}",
b2bstytchapi.WithBaseURI("${projectDomain}"),
)
if err != nil {
log.Fatalf("error instantiating client: %v", err)
}
_, err = client.IDP.IntrospectTokenNetwork(context.Background(), &idp.IntrospectTokenNetworkParams{
Token: "eyJ...",
ClientID: "${exampleConnectedAppClientID}",
ClientSecret: "${exampleConnectedAppClientSecret}",
})
if err != nil {
log.Fatalf("error in method call: %v", err)
}
}
from stytch import B2BClient
from stytch.b2b.models.sessions import AuthorizationCheck
client = B2BClient(
project_id="${projectId}",
secret="${secret}",
custom_base_url="${projectDomain}",
)
resp = client.idp.introspect_token_network(
token="eyJ...",
client_id="${exampleConnectedAppClientID}",
client_secret="${exampleConnectedAppClientSecret}",
token_type_hint="access_token",
authorization_check=AuthorizationCheck(
organization_id='${organizationId}',
resource_id='documents',
action='create'
),
)
print(resp)
require 'stytch'
client = StytchB2B::Client.new(
project_id: '${projectId}',
secret: '${secret}',
custom_base_url: '${projectDomain}',
)
resp = client.idp.introspect_token_network(
token="eyJ...",
)
print(resp)
curl --request POST \
--url https://${projectDomain}/v1/oauth2/introspect \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d 'client_id=${exampleConnectedAppClientID} \
&client_secret=${exampleConnectedAppClientSecret} \
&token=eyJ...'
{
"active": true,
"aud": ["PROJECT_ID"],
"client_id": "connected-app-test-d731954d-dab3-4a2b-bdee-07f3ad1be888",
"exp": 1738848103,
"iat": 1738844503,
"iss": "https://${projectDomain}",
"scope": "openid email profile",
"sub": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
"token_type": "access_token",
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"status_code": 200
}
{
"active": false,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"status_code": 200
}
{
"status_code": 404,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "idp_client_not_found",
"error_message": "The IDP client requested could not be found.",
"error_url": "https://stytch.com/docs/api/errors/404"
}
{
"status_code": 429,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "too_many_requests",
"error_message": "Too many requests have been made.",
"error_url": "https://stytch.com/docs/api/errors/429"
}
{
"status_code": 500,
"request_id": "request-id-test-b05c992f-ebdc-489d-a754-c7e70ba13141",
"error_type": "internal_server_error",
"error_message": "Oops, something seems to have gone wrong, please reach out to support@stytch.com to let us know what went wrong.",
"error_url": "https://stytch.com/docs/api/errors/500"
}
Examine and introspect a token for the given Connected Apps client. All standard OIDC claims, as well as custom claims, will be returned.
The active status can be used to determine if the token is active.
This endpoint supports both access tokens and refresh tokens.
This endpoint is an RFC-7662 compliant token introspection endpoint.
- This endpoint supports passing the
client_idandclient_secretwithin the request body as well as within a HTTP-Basic Auth header. - This endpoint supports the
application/x-www-form-urlencodedcontent type.
We recommend using the Custom Domain whenever possible. For backwards compatibility reasons, this endpoint is also available at
https://test.stytch.com/v1/public/${projectId}/oauth2/introspect.Body
The token to introspect.
A hint for the type of the token. Possible values are
access_token and refresh_token.The ID of the Connected App client.
The secret of the Connected App client. Required for confidential clients
Response
Whether the token is active.
The scopes granted to the token.
The ID of the Connected App client.
The type of the token. Possible values are
access_token and refresh_token.The expiration time of the token, expressed as a Unix timestamp.
The time at which the token was issued, expressed as a Unix timestamp.
The subject of the token. This is a unique identifier for the user.
The issuer of the token. This is the domain of your project, e.g. https://$ by default, or stytch.com/PROJECT_ID if the token was retrieved using the stytch.com domain. See the Custom Domain guide for more information.
The audience (
client_id) that the token is intended for. Additional custom audiences can be defined for the token by setting the access_token_custom_audience parameter on the client object.Globally unique UUID that is returned with every API call. This value is important to log for debugging purposes; we
may ask for this value to help identify a specific API call when helping you debug an issue.
The HTTP status code of the response. Stytch follows standard HTTP response status code patterns, e.g. 2XX values
equate to success, 3XX values are redirects, 4XX are client errors, and 5XX are server errors.
⌘I