generated the access_token https://myexample.com/realms/csd/oauth/token and got it back {"access_token":"9u5_ajxFVCtmL8HIN2itc-DmjrIzRFpHu65O0LA-cqL_Nnk_zO6ktR98tCC0ZIXcskOPt9c-5tCxFpdP","token_type":"Bearer","expires_in":299}
manually validate the access_token, simulating a RS,
As shown in the docs and example, the introspection is a protected endpoint and the client / API needs to authenticate itself in order to check the token (of the client / user).
In your curl you send the client / user token as a header. This needs to be sent as part of the request in the body: https://zitadel.com/docs/apis/openidoauth/endpoints#introspection_endpoint
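The request shape described in the reply above, as an added example that is not from the issue, the ZITADEL docs or the example repository: the API authenticates itself with HTTP Basic and the token under test travels in the form body (RFC 7662). The endpoint URL, the credentials and all function names are assumed placeholders.

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumed placeholders, not values from the issue.
INTROSPECTION_URL = "https://issuer.example/oauth/introspect"
API_CLIENT_ID = "api-client-id"
API_CLIENT_SECRET = "api-client-secret"


def build_introspection_request(token, client_id=API_CLIENT_ID,
                                client_secret=API_CLIENT_SECRET, url=INTROSPECTION_URL):
    """Build (without sending) an introspection request with Basic client auth."""
    # RFC 6749 section 2.3.1: form-encode id and secret before base64-encoding.
    pair = urllib.parse.quote_plus(client_id) + ":" + urllib.parse.quote_plus(client_secret)
    basic = base64.b64encode(pair.encode()).decode()
    form = {"token": token, "token_type_hint": "access_token"}
    headers = {"Authorization": "Basic " + basic,
               "Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(url, data=urllib.parse.urlencode(form).encode(),
                                  headers=headers, method="POST")


def request_problems(headers, form):
    """List reasons a request fails before the token itself is even examined."""
    problems = []
    auth = headers.get("Authorization", "")
    has_client = (auth.startswith("Basic ") or "client_id" in form
                  or "client_assertion" in form)
    if not has_client:
        problems.append("no client authentication (client_id missing)")
    if "token" not in form:
        problems.append("token not in form body")
    return problems


def token_is_active(response_body, required_scope=None):
    """Accept only a literal JSON true for 'active', plus an optional scope check."""
    claims = json.loads(response_body)
    if claims.get("active") is not True:
        return False
    scopes = claims.get("scope", "").split()
    return required_scope is None or required_scope in scopes


if __name__ == "__main__":
    req = build_introspection_request("constructed-opaque-token")
    print(req.get_method(), req.full_url, req.data.decode())
    # The shape from the report: user token as a Bearer header, empty body.
    print(request_problems({"Authorization": "Bearer constructed-opaque-token"}, {}))
    # To send for real: urllib.request.urlopen(req, timeout=5).read()
```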
Preflight Checklist
Version
latest
Describe the problem caused by this bug
Both https://github.com/zitadel/examples-api-access-and-token-introspection/tree/main/service-user-client-credentials and https://zitadel.com/blog/2023-03-23-api-access-and-introspection-04.png at https://zitadel.com/blog/api-access-and-introspection show API Access with Client Credentials - Basic Authentication. I ran the exampleop and followed this flow:
{"access_token":"9u5_ajxFVCtmL8HIN2itc-DmjrIzRFpHu65O0LA-cqL_Nnk_zO6ktR98tCC0ZIXcskOPt9c-5tCxFpdP","token_type":"Bearer","expires_in":299}
but got:
ErrorType=invalid_client Parent=client_id missing from request
To reproduce
Screenshots
No response
Expected behavior
The Bearer token should be successfully validated since this is how OAuth2/OIDC directs.
Additional Context
No response