To verify the access token, the IoT platform has to call the introspection endpoint of the identity provider (IdP) and pass along the provided access token of the IoT device.
The IdP then validates the access token for its claims such as its scope, expiration time, and issuer. Upon successful validation, the IdP confirms the authenticity of the token to the IoT platform.
Depending on the use case we offer to customize the response from the IdP to add additional detail to the response of the introspection endpoint, e.g. also including the device ID or other claims from the access token.