1. Verify access token API using Basic Authentication
Obtaining Resource Server (or SP) Access Token
Last updated
Obtaining Resource Server (or SP) Access Token
Last updated
As per the diagram shown in Figure 9, the resource server SP needs to obtain the access token before verifying the token of client app. Below here is the API detail to obtain the token:
POST
https://stg-id.uaepass.ae/idshub/introspect
Name | Type | Description |
---|---|---|
Name | Type | Description |
---|---|---|
Response Parameter Details:
Name | Description |
---|---|
token
query
Access token of Client App to verify
Content-Type
string
Application/x-www-form-urlencoded; charset=UTF-8
Authorization
string
Basic {base64 format of client credentials}
active
True if the token is valid (issued by TrustedX and not expired); false otherwise. When this property is false, it is the only property in the response.
token_type
Type of access token. Always has the “Bearer” value.
scope
Scopes granted to those to which the access token is associated, separated by spaces.
exp
When the token expires, expressed as the number of seconds from 1 January 1970 (UTC).
iat
When the token was issued, expressed as the number of seconds from 1 January 1970 (UTC).
iss
Token issuer.
client_id
Client identifier of the OAuth 2.0 application registered in UAE PASS for which the token was issued.
client_claims
Attributes of the client application and information on how it was authenticated by UAEPASS.
sub
User identifier.
user_claims
Claims of the user.
times_verified
Number of times that the token had been previously verified, without including the current verification. The first time a token is verified, this field takes the value of 0.