Validating tokens serves to determine that a token is still valid. After that intensely intellectual definition, we’ll carry on.
If everything’s OK, DRUID returns the same token and the time when it will expire. It is a POST call to the authorization web server. A common use of this validation is to check that a user is still logged in with DRUID and to check that they haven’t done a single sign out in another application.
Presently, the DRUID integration SDK takes care of token validation, although it’s not a bad idea for you to have a clear idea of this concept in case you want to manage the tokens in your application manually.
This is achieved through a POST call using the parameter grant_type=urn:com.dru-id:oauth2:grant_type:validate_bearer.
|grant_type||The value must be set to urn:com.dru-id:oauth2:grant_type:validate_bearer.||string|
|oauth_token||The token you want to validate||string|
|client_id||Identifier of the client application.||string|
|client_secret||Secret of the client application.||string|