Skip to main content
const stytch = require('stytch');

const client = new stytch.B2BClient({
  project_id: '${projectId}',
  secret: '${secret}',
  custom_base_url: '${projectDomain}',
});

const params = {
  token: 'eyJ...',
};

const options = {
  authorization_check: {
    organization_id: '${organizationId}',
    resource_id: 'documents',
    action: 'create',
  },
};

client.idp
  .introspectTokenLocal(params, options)
  .then((resp) => {
    console.log(resp);
  })
  .catch((err) => {
    console.log(err);
  });


{
  "subject": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
  "scope": "openid email profile",
  "audience": ["PROJECT_ID"],
  "client_id": "connected-app-test-d731954d-dab3-4a2b-bdee-07f3ad1be888",
  "expires_at": 1738848103,
  "issued_at": 1738844503,
  "issuer": "https://${projectDomain}",
  "token_type": "access_token"
}

const stytch = require('stytch');

const client = new stytch.B2BClient({
  project_id: '${projectId}',
  secret: '${secret}',
  custom_base_url: '${projectDomain}',
});

const params = {
  token: 'eyJ...',
};

const options = {
  authorization_check: {
    organization_id: '${organizationId}',
    resource_id: 'documents',
    action: 'create',
  },
};

client.idp
  .introspectTokenLocal(params, options)
  .then((resp) => {
    console.log(resp);
  })
  .catch((err) => {
    console.log(err);
  });


{
  "subject": "member-test-32fc5024-9c09-4da3-bd2e-c9ce4da9375f",
  "scope": "openid email profile",
  "audience": ["PROJECT_ID"],
  "client_id": "connected-app-test-d731954d-dab3-4a2b-bdee-07f3ad1be888",
  "expires_at": 1738848103,
  "issued_at": 1738844503,
  "issuer": "https://${projectDomain}",
  "token_type": "access_token"
}

Documentation Index

Fetch the complete documentation index at: https://stytch.com/docs/llms.txt

Use this file to discover all available pages before exploring further.

Examine and introspect an access token locally. All standard and custom claims will be returned. No network calls are made when invoking this API method. An error will be thrown if the token is not active. This method supports only access tokens. If an authorization_check object is passed in, this method will also check if the token contains scopes that are authorized to perform the specified action on the resource_id in the specified Organization.

Body

token
string
required
The token to introspect.

Response

scope
string
The scopes granted to the token.
token_type
string
The type of the token. Possible values are access_token and refresh_token.
expires_at
string
The expiration time of the token, expressed as a Unix timestamp.
issued_at
string
The time at which the token was issued, expressed as a Unix timestamp.
subject
string
The subject of the token. This is a unique identifier for the user.
issuer
string
The issuer of the token. This is the domain of your project, e.g. https://$ by default, or stytch.com/PROJECT_ID if the token was retrieved using the stytch.com domain. See the Custom Domain guide for more information.
audience
string
The audience (project_id) that the token is intended for. Additional custom audiences can be defined for the token by setting the access_token_custom_audience parameter on the client object.