RFC 7662 — OAuth 2.0 Token Introspection by node

This document defines a method for a protected resource to query the authorization server for the state and metadata of an access token, letting a resource server accept opaque tokens by asking the issuer whether a token is active and what it authorises.