Manage Progress Application Server (PAS) for OpenEdge

Validate access and ID tokens

Save PDF

Table of Contents

Validate access and ID tokens

Save PDF

Last Updated: February 11, 2026
1 minute read

OpenEdge
Version 13.0
Documentation

Validate access and ID tokens

Description

Validates access and ID tokens. Opaque tokens must use remote validation. Non-opaque tokens can also use remote validation to verify that a user is still active. Remote validation requests must include the base64-encoded values for unique client ID and a client secret in the authorization header. OESECTOOL does not support generating opaque tokens. For remote validation tests, use a non-opaque token.

HTTP Operation

POST

URL

http[s]://hostname:port/introspect

The request to the server must include the base64-encoded values for general.cid:general.client_secret.

Command-line example

For example, if general.cid=oeablClient and general.client_secret=oesectoolsecret the authorization code is 'b2VhYmxDbGllbnQ6b2VzZWN0b29sc2VjcmV0'

curl -X POST -H "Content-type:application/x-www-form-urlencoded" 
-H "accept:application/json" -H "authorization:Basic b2VhYmxDbGllbnQ6b2VzZWN0b29sc2VjcmV0" 
"http://localhost:8888/introspect" -d "token=eyJhbGciOiJSUzI1NiJ9.eyJzdWIiOiJ5c2hyZUBwcm9n
cmVzcy5jb20iLCJzY3AiOlsib3BlbmlkIiwiZW1haWwiLCJwcm9maWxlIl0sInZlciI6MSwiaXNzIjoiaHR0cHM6XC
9cL2xvY2FsaG9zdDo5OTk5IiwiYXVkIjoib2VhYmxhcHAiLCJ1aWQiOiIwMHUyazF4YzBmSFVFZWdoYzVkNyIsInRv
a2VuX3VzZSI6ImFjY2VzcyIsInNjb3BlIjoiUFNDVXNlciIsImV4cCI6MTY1ODk0OTIyMSwiaWF0IjoxNjU4OTQ1Nj
IxLCJqdGkiOiJBVC43WUhHQWFvaHJDQWFndW42TlNJWklPUzZTRVZZVHJVRmM1ZzZGSEh2VDRnIiwiY2lkIjoib2Vh
YmxDbGllbnQifQ.R765oWx_PZKfFI2b-MemjuO_SQJnHgAPtP7MTFTgrN9WLXI6Pfxys0zziMOwBSjHpeRLrBb_0y0
lJ225_YAgIDxbiyMQsvSSVxfNPcvSdfe9Gg5OFRnlkLwza01CBtRm6b3jdj9FdntXS6PeSPLD4eSnnYPwEp62J4lSU
n3e0fhVXV2M1iIWpVxN-qBqUzwJFeDRU3hjWM95qWo3t7fFwkhGQy-aMg5phZjYdUvrKHoRmVbFL-nyVAXK6H6JFPk
mz5j2T-q1aKjJyMiHrXqIszAWI_QMltLcgw_5kfLB3gxw35eI-GU76iwcsSDiIpBNFcLVRcRuT9lChxjnhKUi6A"

Note: This command was reformatted to fit the page.

Result

A JSON string with a set of public keys:

{"active":true,"token_type":"Bearer","scope":["openid","email","profile"],"client_id":
"oeablClient","username":"yshre@progress.com","exp":1658949221,"iat":1658945621,
"sub":"yshre@progress.com","aud":"oeablapp","iss":"https://localhost:9999","jti":"AT.
7YHGAaohrCAagun6NSIZIOS6SEVYTrUFc5g6FHHvT4g","uid":"00u2k1xc0fHUEeghc5d7"}

Note: This output was reformatted to fit the page.

If the token is inactive, the output is:

{"active":"false"}