Token Introspection (RFC 7662)

An OAuth 2.0 endpoint defined in RFC 7662 where resource servers can send an access or refresh token to the authorization server and receive structured metadata about it — including whether it is active, its scopes, expiration time, associated user, and issuing client. Introspection is used with opaque tokens that resource servers cannot validate locally, as an alternative to self-contained JWTs.