1. Verify access token API using Basic Authentication
Obtaining Resource Server (or SP) Access Token
As shown in the diagram in Figure 9, the resource server (SP) must obtain its own access token before verifying the token of the client app. The API details for obtaining the token are given below:
cURL Request for Token Generation Call
--header 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8'
--header 'Authorization: Basic <
--header 'Cookie: NSC_EJE_TUBH_USVTUY_MC_8082=ffffffffaf1a571d45525d5f4f58455e445a4a4229a2'
--data-urlencode 'token=<
API detail to verify the Token
POST https://stg-id.uaepass.ae/idshub/introspect
Path Parameters
| Name | Type | Description |
|---|---|---|
| token | query | Access token of Client App to verify |
Header
| Name | Type | Description |
|---|---|---|
| Content-Type | string | application/x-www-form-urlencoded; charset=UTF-8 |
| Authorization | string | Basic {base64 format of client credentials} |
400: Bad Request Invalid token response
{"active": false}
200: OK Valid token response
{
  "sub": "sample_web_stage",
  "nbf": 1633262176,
  "scope": "internal_application_mgt_view",
  "iss": "https://qa-ids.uaepass.ae:443/oauth2/token",
  "client_claims": {
    "sub": "sample_web_stage",
    "acr": "",
    "domain": "urn:safelayer:eidas:domain:oauth:client",
    "amr": "",
    "distinguished_name": "Sample Web Application",
    "name": "Sample Web Application"
  },
  "active": true,
  "token_type": "Bearer",
  "exp": 1633265776,
  "iat": 1633262176,
  "client_id": "sample_web_stage",
  "username": "admin@carbon.super"
}
Response Parameter Details:
| Name | Description |
|---|---|
| active | True if the token is valid (issued by TrustedX and not expired); false otherwise. When this property is false, it is the only property in the response. |
| token_type | Type of access token. Always has the "Bearer" value. |
| scope | Scopes associated with the access token, separated by spaces. |
| exp | When the token expires, expressed as the number of seconds from 1 January 1970 (UTC). |
| iat | When the token was issued, expressed as the number of seconds from 1 January 1970 (UTC). |
| iss | Token issuer. |
| client_id | Client identifier of the OAuth 2.0 application registered in VNPASS for which the token was issued. |
| client_claims | Attributes of the client application and information on how it was authenticated by VNPASS. |
| sub | User identifier. |
| user_claims | Claims of the user. |
| times_verified | Number of times that the token has previously been verified, not including the current verification. The first time a token is verified, this field takes the value of 0. |