/**
 * Handles {@code POST /validation}: describes the access token presented in the
 * {@code Authorization} header.
 *
 * <p>The token string is obtained from the header through {@code getToken}, resolved to an
 * {@link OAuth2Authentication} through {@code tokenServices}, and the result is returned as
 * an {@link AccessToken} carrying the client id, the user name and id (only when a user
 * authentication with a {@link User} principal is present), the expiry and the scopes.
 *
 * <p>NOTE(review): this method performs no explicit validity check of its own. Rejection of
 * an unknown, revoked or expired token presumably relies on
 * {@code tokenServices.loadAuthentication} throwing; confirm that, and that the resulting
 * exception is mapped to an error response rather than leaking details.
 *
 * @param authorization raw value of the {@code Authorization} request header
 * @return the token description serialized as the response body
 */
@RequestMapping(value = "/validation", method = RequestMethod.POST)
@ResponseBody
public AccessToken tokenValidation(@RequestHeader("Authorization") final String authorization) {
    // The raw token is a credential: keep it out of log statements and error messages.
    String presentedToken = getToken(authorization);

    OAuth2Authentication authentication = tokenServices.loadAuthentication(presentedToken);
    OAuth2AccessToken storedToken = tokenServices.getAccessToken(authentication);
    AuthorizationRequest request = authentication.getAuthorizationRequest();

    AccessToken.Builder response =
            new AccessToken.Builder(presentedToken).setClientId(request.getClientId());

    // User details are only added for tokens issued on behalf of a user; tokens without a
    // user authentication (or with a principal that is not a User) carry the client id only.
    if (auth_hasUser(authentication)) {
        User principal = (User) authentication.getPrincipal();
        response.setUserName(principal.getUserName());
        response.setUserId(principal.getId());
    }

    // NOTE(review): getExpiration() may be null for a token without an expiry; confirm the
    // builder and the consumers of the response treat that as intended.
    response.setExpiresAt(storedToken.getExpiration());

    for (String scopeName : request.getScope()) {
        response.addScope(new Scope(scopeName));
    }

    return response.build();
}

/** Returns true when the authentication has a user part whose principal is a {@link User}. */
private static boolean auth_hasUser(OAuth2Authentication authentication) {
    return authentication.getUserAuthentication() != null
            && authentication.getPrincipal() instanceof User;
}