We would like to implement the OIDC protocol in order to provide APIs and OAuth access (with the Jive OAuth mechanism) within an API Management Module (= APIGEE).
Jive would be used to generate the OAuth access tokens, but the API Management module, which is "between" the client app and the Jive platform, has to validate the token before sending the request to the Jive platform back-end.
To validate the token, the API Management Module must know:
- if the token is valid (User consent still OK or revoked?)
- which application generated the token (client_id?), in order to check whether that current app is allowed to make the request (according to its quota of requests, rate limitations...)
Is there a way to get, from a given access token, the client_id of the application that has generated this token?
Just answering your question about deriving the client ID from the token: it is not possible. The flow you're looking for, checking whether a token is valid without actually making a request (and getting a 4xx error), isn't something I know to be possible, but maybe another customer has found a solution that's worked for them.