The endpoint to introspect an OAuth 2.0 Access or Refresh Token in Ory is

/admin/oauth2/introspect

. This endpoint allows you to check if a token (both refresh and access) is active or not. An active token is neither expired nor revoked. If a token is active, additional information on the token will be included. Here is an example of how to use this endpoint in a client:

javascript import { Configuration, OAuth2Api } from "@ory/client"      const ory = new OAuth2Api(    new Configuration({    basePath: `https://${process.env.ORY_PROJECT_SLUG}.<http://projects.oryapis.com|projects.oryapis.com>`,    accessToken: process.env.ORY_API_KEY,    }),   )      export async function introspectToken(accessToken: string) {    const { data } = await ory.introspectOAuth2Token({ token: accessToken })    data.active // true or false   }

In this example,

introspectOAuth2Token

method is used to introspect the token. The

accessToken

is passed as a parameter to this method. Please note that to perform this operation, you must be authenticated by means of

oryAccessToken

. Sources: - [Ory API Reference - introspectOAuth2Token](https://www.ory.sh/docs/reference/api) - [Hydra Guide - OAuth 2.0 token introspection](https://www.ory.sh/docs/hydra/guides/oauth2-token-introspection) - [Hydra API Reference - introspectOAuth2Token](https://www.ory.sh/docs/hydra/reference/api)