Many thanks Hans! I very much appreciate your help. Introspection now works for me; turns out I did indeed have a few problems of inconsistent <host>:<port> combinations: 1. In one case, the token was obtained using HTTPS and port 443, but the Introspection was done using HTTP and port 80. 2. The Host header in the HTTP introspection request contained the resolved IP address of the keycloak server (and not its domain name), while the destination for the POST request for obtaining the token was the domain name itself. 3. In another case, the token was obtained from keycloak server at port 8080, but the Host header in the introspection request didn't include the port (which isn't HTTP default port, so it is needed). Thanks, Dorit -----Original Message----- From: keycloak-user-bounces(a)lists.jboss.org [mailto:keycloak-user-bounces@lists.jboss.org] On Behalf Of Hans Zandbelt Sent: Monday, July 23, 2018 21:34 To: keycloak-user(a)lists.jboss.org Subject: Re: [keycloak-user] Keycloak - grant_type when getting a token and token introspection Check that you're calling the introspection endpoint using the same <host>:<port> combo as the one that was used when the token was obtained by the client in the call to the token endpoint otherwise the introspection result will always be { "active": "false" }. Hans. -- hans.zandbelt(a)zmartzone.eu ZmartZone IAM - https://emea01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwebdefe... _______________________________________________ keycloak-user mailing list keycloak-user(a)lists.jboss.org https://emea01.safelinks.protection.outlook.com/?url=https%3A%2F%2Flists.... This email and any files transmitted with it are confidential material. They are intended solely for the use of the designated individual or entity to whom they are addressed. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, use, distribution or copying of this communication is strictly prohibited and may be unlawful. If you have received this email in error please immediately notify the sender and delete or destroy any copy of this message