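const stytch = require('stytch');

// Replace the ${...} placeholders with your project's values.
const client = new stytch.B2BClient({
  project_id: '${projectId}',
  secret: '${secret}',
  custom_base_url: '${projectDomain}',
});

// The access token to introspect (refresh tokens are not supported by this method).
const params = {
  token: 'eyJ...',
};

// Optional: also check that the token's scopes permit `action` on
// `resource_id` in the given Organization.
const options = {
  authorization_check: {
    organization_id: '${organizationId}',
    resource_id: 'documents',
    action: 'create',
  },
};

// Local introspection: no network call is made.
client.idp
  .introspectTokenLocal(params, options)
  .then((resp) => {
    // All standard and custom claims are returned.
    console.log(resp);
  })
  .catch((err) => {
    // An error is thrown if the token is not active.
    console.log(err);
  });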

{
  "subject": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
  "scope": "openid email profile",
  "audience": ["PROJECT_ID"],
  "client_id": "connected-app-test-d731954d-dab3-4a2b-bdee-07f3ad1be888",
  "expires_at": 1738848103,
  "issued_at": 1738844503,
  "issuer": "https://${projectDomain}",
  "token_type": "access_token"
}
Examine and introspect an access token locally. All standard and custom claims will be returned. No network calls are made when invoking this API method. An error will be thrown if the token is not active. This method supports only access tokens. If an authorization_check object is passed in, this method will also check if the token contains scopes that are authorized to perform the specified action on the resource_id in the specified Organization.

Body

token (string, required): The token to introspect.

Response

scope (string): The scopes granted to the token.

token_type (string): The type of the token. Possible values are access_token and refresh_token.

expires_at (string): The expiration time of the token, expressed as a Unix timestamp.

issued_at (string): The time at which the token was issued, expressed as a Unix timestamp.

subject (string): The subject of the token. This is a unique identifier for the user.

issuer (string): The issuer of the token. This is the domain of your project, e.g. https://$ by default, or stytch.com/PROJECT_ID if the token was retrieved using the stytch.com domain. See the Custom Domain guide for more information.

audience (string): The audience (project_id) that the token is intended for. Additional custom audiences can be defined for the token by setting the access_token_custom_audience parameter on the client object.
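
A caller-side check on the response fields listed above, as an added example that is not part of the original page or the Stytch SDK: it re-validates token type, issuer, audience, timestamps and required scopes on the object returned by introspectTokenLocal. The names checkIntrospection, toList and policy, the issuer URL and the sample values are assumptions constructed for illustration.

```javascript
// Added example: caller-side checks on an introspection response.
// Field names follow the Response section; checkIntrospection, toList, the
// policy object and all sample values are constructed for illustration.

// The field list types audience/expires_at as strings while the sample
// response shows an array and numbers, so both shapes are accepted.
function toList(v) {
  if (Array.isArray(v)) return v.map(String);
  return v === undefined || v === null ? [] : [String(v)];
}

function checkIntrospection(resp, policy, nowSeconds) {
  const reasons = [];
  const skew = policy.clockSkewSeconds || 0;

  if (resp.token_type !== 'access_token') reasons.push('token_type');
  if (resp.issuer !== policy.issuer) reasons.push('issuer');
  if (!toList(resp.audience).includes(policy.audience)) reasons.push('audience');

  const exp = Number(resp.expires_at);
  if (!Number.isFinite(exp) || exp + skew <= nowSeconds) reasons.push('expired');
  const iat = Number(resp.issued_at);
  if (!Number.isFinite(iat) || iat - skew > nowSeconds) reasons.push('issued_in_future');

  // scope is space-delimited; match whole scope names, never substrings.
  const granted = new Set(String(resp.scope || '').split(/\s+/).filter(Boolean));
  const missing = policy.requiredScopes.filter((s) => !granted.has(s));
  if (missing.length) reasons.push('missing_scope:' + missing.join(','));

  return { ok: reasons.length === 0, reasons };
}

// Constructed sample, shaped like the response shown on this page.
const sample = {
  scope: 'openid email profile',
  audience: ['PROJECT_ID'],
  expires_at: 1738848103,
  issued_at: 1738844503,
  issuer: 'https://auth.example.test', // placeholder issuer
  token_type: 'access_token',
};
const policy = {
  issuer: 'https://auth.example.test',
  audience: 'PROJECT_ID',
  requiredScopes: ['openid', 'email'],
  clockSkewSeconds: 30,
};
console.log(checkIntrospection(sample, policy, 1738845000));
```

Run it on the resolved value inside the `.then` handler and reject the request when `ok` is false.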