Token Introspection
Introduction
The token inspector tool enables developers to check the Time to Live (TTL) and status (active/expired) for all tokens, including Enterprise tokens. For Authorization Code Flow (3-legged OAuth) tokens, permission scopes will be displayed. You can fetch access token data using the /introspectToken endpoint or the Token Inspector Tool in the UI.
API Details
POST https://www.linkedin.com/oauth/v2/introspectToken
Content-Type: application/x-www-form-urlencoded
Sample Request
Request Body
Field | Type | Description |
---|---|---|
client_id | string | Required. Application client id |
client_secret | string | Required. Application client secret |
token | string | Required. The string value of the token returned using Client Credential Flow (2-legged OAuth), Authorization Code Flow (3-legged OAuth), or Enterprise_User (Enterprise OAuth Flow). |
Sample Response
{
"active": true,
"client_id": "xxxxxxxx",
"authorized_at": 1493055596,
"created_at": 1493055596,
"status": "active",
"expires_at": 1497497620,
"scope": "r_liteprofile,r_emailaddress,w_member_social",
"auth_type": "_see note below_"
}
Note
Possible auth_type values returned are:
"auth_type": "2L"
"auth_type": "3L"
"auth_type": "Enterprise_User"
Response Fields
Field | Type | Description |
---|---|---|
active | boolean | Required. Boolean indicator of whether or not the returned token is currently active |
status | string | Optional. An enum string with values: revoked - Token has been revoked; expired - Token has expired due to the "expires_at" TTL; active - Token is active |
scope | string | Optional. A string containing a comma-separated list of scopes associated with this token. Returned only for tokens obtained via Authorization Code Flow (3-legged OAuth) |
client_id | string | Optional. Application Client ID |
created_at | long | Optional. Epoch time in seconds, indicating when this token was originally issued |
expires_at | long | Optional. Epoch time in seconds, indicating when this token will expire |
authorized_at | long | Optional. Epoch time in seconds, indicating when the token was authorized |
auth_type | string | Optional. String with values: 3L - 3-legged member token; 2L - 2-legged application token; Enterprise_User - Enterprise member token |
HTTP Response Status Codes
The response will vary depending on the status of the token and its authenticity.
Status Code | Description |
---|---|
200 | Success |
400 | Invalid client id or token |
401 | Invalid client secret |
Note
If the credentials are valid but do not match the client information in the token, you will receive a successful response (status 200 OK), but with "active": false in the response body.
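The following is an added example, not part of the original documentation. It shows one way a caller can build the request and interpret the result so that a 200 response with "active": false is rejected rather than trusted on status code alone. The names build_request and evaluate, the scope x_example_scope used in testing, and the sample bodies are assumptions constructed for illustration.

```python
import json
import time
import urllib.parse
import urllib.request

INTROSPECT_URL = "https://www.linkedin.com/oauth/v2/introspectToken"

def build_request(client_id, client_secret, token):
    """Build the form-encoded POST; the secret travels in the body, never the URL."""
    body = urllib.parse.urlencode(
        {"client_id": client_id, "client_secret": client_secret, "token": token}
    ).encode()
    return urllib.request.Request(
        INTROSPECT_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )

def evaluate(http_status, body_text, required_scopes=(), now=None):
    """Return (usable, reason). HTTP 200 alone does not mean the token is valid."""
    if http_status == 400:
        return False, "invalid client id or token"
    if http_status == 401:
        return False, "invalid client secret"
    if http_status != 200:
        return False, f"unexpected status {http_status}"
    data = json.loads(body_text)
    # 'active' is the only required field; anything but literal true fails closed.
    if data.get("active") is not True:
        return False, f"inactive ({data.get('status', 'no status given')})"
    now = time.time() if now is None else now
    expires_at = data.get("expires_at")
    if expires_at is not None and expires_at <= now:
        return False, "expired"
    # 'scope' is comma-separated and only returned for 3-legged tokens.
    granted = {s.strip() for s in (data.get("scope") or "").split(",") if s.strip()}
    missing = set(required_scopes) - granted
    if missing:
        return False, "missing scopes: " + ",".join(sorted(missing))
    return True, f"active {data.get('auth_type', 'unknown')} token"

# Constructed sample bodies modelled on the Sample Response above.
SAMPLE_ACTIVE = json.dumps({"active": True, "status": "active", "expires_at": 1497497620,
    "scope": "r_liteprofile,r_emailaddress,w_member_social", "auth_type": "3L"})
SAMPLE_MISMATCH = json.dumps({"active": False})  # valid credentials, other client's token

if __name__ == "__main__":
    print(evaluate(200, SAMPLE_ACTIVE, ["w_member_social"], now=1493055600))
    print(evaluate(200, SAMPLE_MISMATCH))
```

To send the request, pass the object from build_request to urllib.request.urlopen and feed the response status and body to evaluate.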