<div dir="ltr">Thank you all for the quick responses. However, I am having an issue with that endpoint, and am assuming I am doing something wrong :)<br><br><div><div>I am making the request with a Bearer authorization header containing the token of a client that has the admin role in it&#39;s service account. I am testing that the client token is valid via the following curl call:<br><br>curl -s -X GET -H &quot;Authorization: Bearer $_CLIENT_TOKEN&quot; &#39;<a href="http://localhost-docker:8080/auth/admin/realms/master/users">http://localhost-docker:8080/auth/admin/realms/master/users</a>&#39;<br><br>However, when I make the following curl request for token introspection:<br><br>curl -v -X POST -H &quot;Authorization: Bearer $_CLIENT_TOKEN&quot; --data &quot;token=$_INTROSPECT_TOKEN&quot; \<br>   &#39;<a href="http://localhost-docker:8080/auth/realms/master/protocol/openid-connect/token/introspect">http://localhost-docker:8080/auth/realms/master/protocol/openid-connect/token/introspect</a>&#39;<br><br>... I get the following response:<br><br>&gt; HTTP/1.1 401 Unauthorized<br>&gt; Connection: keep-alive<br>&gt; X-Powered-By: Undertow/1<br>&gt; Server: WildFly/10<br>&gt; Content-Type: application/json<br>&gt; Content-Length: 72<br>&gt; Date: Wed, 20 Apr 2016 15:33:57 GMT<br>&gt; </div><div>&gt; {&quot;error_description&quot;:&quot;Authentication failed.&quot;,&quot;error&quot;:&quot;invalid_request&quot;}<br><br>... and the following console error output:<br><br>&gt; 2016-04-20 15:21:45,787 ERROR [org.keycloak.services] (default task-13) KC-SERVICES0014: Failed client authentication: org.keycloak.authentication.AuthenticationFlowException: Client was not identified by any client authenticator</div><div><div>&gt;    at org.keycloak.authentication.ClientAuthenticationFlow.processFlow(ClientAuthenticationFlow.java:101)<br>&gt;    at org.keycloak.authentication.AuthenticationProcessor.authenticateClient(AuthenticationProcessor.java:673)<br>&gt;    at org.keycloak.protocol.oidc.utils.AuthorizeClientUtil.authorizeClient(AuthorizeClientUtil.java:42)<br>&gt;        ...<br>&gt; 2016-04-20 15:21:45,791 WARN  [org.keycloak.events] (default task-13) type=INTROSPECT_TOKEN_ERROR, realmId=master, clientId=null, userId=null, ipAddress=192.168.99.1, error=invalid_client_credentials<br>&gt; 2016-04-20 15:21:45,792 WARN  [org.keycloak.events] (default task-13) type=INTROSPECT_TOKEN_ERROR, realmId=master, clientId=null, userId=null, ipAddress=192.168.99.1, error=invalid_request, detail=&#39;Authentication failed.&#39;<div><div><br></div></div><div>Is there another method I should be using to authenticate the client for this request? Is there something else that you see that I am doing wrong?</div><div><br></div></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Apr 20, 2016 at 10:13 AM, Thomas Darimont <span dir="ltr">&lt;<a href="mailto:thomas.darimont@googlemail.com" target="_blank">thomas.darimont@googlemail.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">:)</div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">2016-04-20 16:07 GMT+02:00 Juraci Paixão Kröhling <span dir="ltr">&lt;<a href="mailto:juraci@kroehling.de" target="_blank">juraci@kroehling.de</a>&gt;</span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span>On 20.04.2016 15:53, Brian Watson wrote:<br>
&gt; Is there an endpoint I can call with a token that will tell me if the<br>
&gt; token is still valid? Is there another way I should be performing this<br>
&gt; check?<br>
<br>
</span>Make a POST sending &quot;token&quot; as request parameter to<br>
/realms/{realm}/protocols/openid-connect/token/introspect<br>
<br>
- Juca.<br>
<div><div>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org" target="_blank">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br>
</div></div></blockquote></div><br></div>
</div></div><br>_______________________________________________<br>
keycloak-user mailing list<br>
<a href="mailto:keycloak-user@lists.jboss.org">keycloak-user@lists.jboss.org</a><br>
<a href="https://lists.jboss.org/mailman/listinfo/keycloak-user" rel="noreferrer" target="_blank">https://lists.jboss.org/mailman/listinfo/keycloak-user</a><br></blockquote></div><br></div>