Hi, I’m desperately trying to get access to the /oauth2/introspect api. I’m currently using postman and created a client for this:
{
“id”: “tills-postman”,
“client_name”: “Tills Postman”,
“redirect_uris”: [
“https://www.getpostman.com/oauth2/callback”
],
“grant_types”: [
“client_credentials”
],
“response_types”: [
“token”
],
“scope”: “hydra.consent hydra.clients hydra.policies hydra.*”,
“owner”: “”,
“policy_uri”: “”,
“tos_uri”: “”,
“client_uri”: “”,
“logo_uri”: “”,
“contacts”: null,
“public”: false
}
So I created this policy to get instrospection to work:
{
“id”: “accesstoken_introsp-policy”,
“description”: “Can introspect tokens”,
“subjects”: [
“tills-postman”
],
“effect”: “allow”,
“resources”: [
“rn:hydra:oauth2:tokens”
],
“actions”: [
“introspect”
],
“conditions”: {}
}
But whenever I call the /oauth2/introspect rest endpoint I get the following error in the console:
level=error msg=“An error occurred” error=“Validator returned error A validator returned an error: The request could not be authorized: Token is inactive because it is malformed, expired or otherwise invalid”
The token I’m using to authenticate is working for other endpoints like /clients or /policies. What is it I’m missing here?
Thanks in advance.