Skip to main content

OAuth 2.0 token introspection

Token introspection is a mechanism for resource servers to obtain information about access tokens. With this specification, resource servers can check the validity of access tokens and discover other information, such as which user and which scopes are associated with the token.


Token introspection is meant for first-party or internal use only. The endpoint shouldn't be exposed publicly.

import { Configuration, OAuth2Api } from "@ory/client"

const ory = new OAuth2Api(
new Configuration({
basePath: `https://${process.env.ORY_PROJECT_SLUG}`,
accessToken: process.env.ORY_API_KEY,

export async function introspectToken(accessToken: string) {
const { data } = await ory.introspectOAuth2Token({ token: accessToken }) // true or false