From b54ae51b6a1d1ae607019628a45a1bb0f400d878 Mon Sep 17 00:00:00 2001 From: RolandGuijt Date: Fri, 1 Nov 2024 21:36:12 +0100 Subject: [PATCH] Update introspection doc (#534) * Update introspection doc * Forgot a comma * Clarify active flag * Delete double info, clarify refresh token restriction. --------- Co-authored-by: Roland Guijt --- .../content/reference/endpoints/introspection.md | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/IdentityServer/v7/docs/content/reference/endpoints/introspection.md b/IdentityServer/v7/docs/content/reference/endpoints/introspection.md index 8a19faf3..897008ca 100644 --- a/IdentityServer/v7/docs/content/reference/endpoints/introspection.md +++ b/IdentityServer/v7/docs/content/reference/endpoints/introspection.md @@ -6,7 +6,8 @@ weight: 5 The introspection endpoint is an implementation of [RFC 7662](https://tools.ietf.org/html/rfc7662). -It can be used to validate reference tokens (or JWTs if the consumer does not have support for appropriate JWT or cryptographic libraries). +It can be used to validate reference tokens, JWTs (if the consumer does not have support for appropriate JWT or cryptographic libraries) and refresh tokens. Refresh tokens can only be introspected by the client that requested them. + The introspection endpoint requires authentication - since the client of an introspection endpoint is an API, you configure the secret on the *ApiResource*. ``` 
@@ -16,16 +17,23 @@ Authorization: Basic xxxyyy token= ``` -A successful response will return a status code of 200 and either an active or inactive token:: +A successful response will return a status code of 200, the token claims, the token type and a flag indicating the token is active: ``` { + "iss": "https://localhost:5001", + "nbf": 1729599599, + "iat": 1729599599, + "exp": 1729603199, + "client_id": "client", + "jti": "44FD2DE9E9F8E9F4DDD141CD7C244BE9", + "scope": "api1", + "token_type": "access_token", "active": true, - "sub": "123" } ``` -Unknown or expired tokens will be marked as inactive:: +Unknown or expired tokens will be marked as inactive: ``` {
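Review bot: In the hunk at `@@ -6,7 +6,8 @@`, the added sentence "Refresh tokens can only be introspected by the client that requested them" sits directly above the unchanged paragraph saying that the caller of the introspection endpoint is an API and that the secret is configured on the *ApiResource*. The page now describes two kinds of caller but explains authentication for only one. Suggest extending that paragraph to say how a client authenticates when it introspects its own refresh token. It should also state what the endpoint returns when a different caller submits that refresh token, since readers will rely on that restriction as an access-control rule.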
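Review bot: In the hunk at `@@ -16,16 +17,23 @@`, the example response is left as invalid JSON: the context line `"active": true,` keeps its trailing comma while `- "sub": "123"` is removed, so the object now ends with `"active": true, }`. Drop the comma, or move `"active"` above the added members so the last one has no comma. The new intro sentence also reads as if a 200 always carries an active token, whereas the removed wording said "either an active or inactive token" and the following paragraph still describes inactive responses. Wording such as "a flag indicating whether the token is active" would keep the two consistent.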