sso-oauth:IntrospectTokenWithIAM is a Write access-level action in the sso-oauth service. Grants permission to validate and retrieve information about active OAuth 2.0 access tokens and refresh tokens, including their associated scopes and permissions. This permission is used only by AWS managed applications and is not documented in the IAM Identity Center OIDC API Reference
ARNs that sso-oauth:IntrospectTokenWithIAM can be scoped to in an IAM policy.
No condition keys are documented for this action.
To use sso-oauth:IntrospectTokenWithIAM you may also need to grant:
A minimal policy that allows sso-oauth:IntrospectTokenWithIAM. Replace "Resource": "*" with a specific ARN to follow least privilege.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowSsooauthIntrospectTokenWithIAM",
"Effect": "Allow",
"Action": "sso-oauth:IntrospectTokenWithIAM",
"Resource": "*"
}
]
}