<@U04UQ68083H> Hydra doesn't include an `introspec...
# ory-copilot
w
@chilly-king-10285 Hydra doesn't include an
introspection_endpoint
in the .well-known openid-configuration. How can I enable the oauth2 introspection endpoint?
b
A message from kapa.ai
The OAuth2 token introspection endpoint in Ory Hydra is actually available, but it's not included in the
.well-known/openid-configuration
because it's considered an administrative endpoint and should not be publicly exposed. According to the Ory Hydra documentation, the introspection endpoint is located at
/admin/oauth2/introspect
and is part of the administrative API [Ory Hydra API Reference](https://www.ory.sh/docs/reference/api). This endpoint is intended for internal or first-party use only and should not be exposed publicly. To use the introspection endpoint: 1. Ensure that you're accessing it through the administrative port (default 4445) of Ory Hydra [Ory Hydra Production Guide](https://www.ory.sh/docs/hydra/self-hosted/production#exposing-administrative-and-public-api-endpoints). 2. Properly secure the endpoint using an API Gateway or Authorization Proxy if you need to expose it [Ory Hydra Production Guide](https://www.ory.sh/docs/hydra/self-hosted/production#exposing-administrative-and-public-api-endpoints). 3. When making requests to the introspection endpoint, you'll need to authenticate. The endpoint requires authentication, but there's no built-in access control [Ory Hydra Production Guide](https://www.ory.sh/docs/hydra/self-hosted/production#exposing-administrative-and-public-api-endpoints). Here's an example of how to use the introspection endpoint with the Ory CLI:
Copy code
bash ory introspect token $access_token --project "$PROJECT_ID"
[Ory Network OAuth2 Guide](https://www.ory.sh/docs/getting-started/ory-network-oauth2) Remember, the introspection endpoint is intentionally not included in the
.well-known/openid-configuration
to prevent public exposure. It's designed to be used internally for token validation and should be accessed and secured accordingly.