1. Verify access token API using Basic Authentication

Obtaining Resource Server (or SP) Access Token

As per the diagram shown in Figure 9, the resource server SP needs to obtain the access token before verifying the token of client app. Below here is the API detail to obtain the token:

cURL Request for Token Generation Call

curl --location --request POST 'https://stg-id.uaepass.ae/idshub/introspect' \
--header 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' \
--header 'Authorization: Basic <<Basic auth credentials>>' \
--header 'Cookie: NSC_EJE_TUBH_USVTUY_MC_8082=ffffffffaf1a571d45525d5f4f58455e445a4a4229a2' \
--data-urlencode 'token=<<Token to introspect>>

API detail to verify the Token

POST https://stg-id.uaepass.ae/idshub/introspect

Path Parameters

Name	Type	Description
token	query	Access token of Client App to verify

Name

Type

Description

token

query

Access token of Client App to verify

Headers

Name	Type	Description
Content-Type	string	Application/x-www-form-urlencoded; charset=UTF-8
Authorization	string	Basic {base64 format of client credentials}

Name

Type

Description

Content-Type

string

Application/x-www-form-urlencoded; charset=UTF-8

Authorization

string

Basic {base64 format of client credentials}

{
  {"active":false,}
}

{
    "sub": "sample_web_stage",
    "nbf": 1633262176,
    "scope": "internal_application_mgt_view",
    "iss": "https://qa-ids.uaepass.ae:443/oauth2/token",
    "client_claims": {
        "sub": "sample_web_stage",
        "acr": "",
        "domain": "urn:safelayer:eidas:domain:oauth:client",
        "amr": "",
        "distinguished_name": "Sample Web Application",
        "name": "Sample Web Application"
    },
    "active": true,
    "token_type": "Bearer",
    "exp": 1633265776,
    "iat": 1633262176,
    "client_id": "sample_web_stage",
    "username": "admin@carbon.super"
}

Response Parameter Details:

Name	Description
active	True if the token is valid (issued by TrustedX and not expired); false otherwise. When this property is false, it is the only property in the response.
token_type	Type of access token. Always has the “Bearer” value.
scope	Scopes granted to those to which the access token is associated, separated by spaces.
exp	When the token expires, expressed as the number of seconds from 1 January 1970 (UTC).
iat	When the token was issued, expressed as the number of seconds from 1 January 1970 (UTC).
iss	Token issuer.
client_id	Client identifier of the OAuth 2.0 application registered in UAE PASS for which the token was issued.
client_claims	Attributes of the client application and information on how it was authenticated by UAEPASS.
sub	User identifier.
user_claims	Claims of the user.
times_verified	Number of times that the token had been previously verified, without including the current verification. The first time a token is verified, this field takes the value of 0.

Name

Description

active

True if the token is valid (issued by TrustedX and not expired); false otherwise. When this property is false, it is the only property in the response.

token_type

Type of access token. Always has the “Bearer” value.

scope

Scopes granted to those to which the access token is associated, separated by spaces.

exp

When the token expires, expressed as the number of seconds from 1 January 1970 (UTC).

iat

When the token was issued, expressed as the number of seconds from 1 January 1970 (UTC).

iss

Token issuer.

client_id

Client identifier of the OAuth 2.0 application registered in UAE PASS for which the token was issued.

client_claims

Attributes of the client application and information on how it was authenticated by UAEPASS.

sub

User identifier.

user_claims

Claims of the user.

times_verified

Number of times that the token had been previously verified, without including the current verification. The first time a token is verified, this field takes the value of 0.

PreviousIntegration Steps Next2. Obtaining Authenticated User Information from the Access Token

Last updated 2 years ago