Validating tokens serves to determine that a token is still valid. After that intensely intellectual definition, we’ll carry on.

If everything’s OK, DRUID returns the same token and the time when it will expire. It  is a POST call to the authorization web server. A common use of this validation is to check that a user is still logged in with DRUID and to check that they haven’t done a single sign out in another application.

Presently, the DRUID integration SDK takes care of token validation, although it’s not a bad idea for you to have a clear idea of this concept in case you want to manage the tokens in your application manually.

This is achieved through a POST call using the parameter grant_type=urn:com.dru-id:oauth2:grant_type:validate_bearer.

Endpoint URL:

 POST https://{}/oauth2/token

Request parameters

grant_typeThe value must be set to urn:com.dru-id:oauth2:grant_type:validate_bearer.string
oauth_tokenThe token you want to validatestring
client_idIdentifier of the client application.string
client_secretSecret of the client application.string

cURL Request example