Validate an access token

Configure the plugin to use an OAuth 2.0 server’s introspection endpoint to validate an access token.

Environment variables

  • AUTHORIZATION_HEADER_VALUE: The value to set for the Authorization header to access the introspection endpoint.

  • INTROSPECTION_URL: The full URL to the introspection endpoint.

Set up the plugin

Add this section to your declarative configuration file:

_format_version: "3.0"
plugins:
  - name: oauth2-introspection
    config:
      introspection_url: ${{ env "DECK_INTROSPECTION_URL" }}
      authorization_value: ${{ env "DECK_AUTHORIZATION_HEADER_VALUE" }}
Copied to clipboard!

Did this doc help?

Something wrong?

Help us make these docs great!

Kong Developer docs are open source. If you find these useful and want to make them better, contribute today!