OAuth Token Introspection Failing with 401 Unauthorized in Multi-Org Premium App

Stuck on a persistent 401 Unauthorized response when calling the /api/v2/oauth/token/introspect endpoint from our Genesys Cloud Premium App. The integration manages multi-org connections, and while standard API calls succeed, the introspection check fails specifically for tenants using custom SSO configurations. The request body contains a valid access token retrieved via the standard OAuth client credentials flow, yet the response payload indicates invalid_client rather than invalid_token. This suggests the client_id or client_secret mapping might be resolving incorrectly in the context of the partner app’s service account, despite the credentials being verified against the primary org. The issue does not occur in sandbox environments, pointing toward a production-specific scoping or permissions constraint. The app manifest includes all required permissions for OAuth administration, and the service account has been granted the necessary roles.

  • Verified the access token payload using jwt.io to confirm the issuer and audience claims match the target organization ID.
  • Attempted to bypass the introspection call by implementing local token expiry tracking, but this creates race conditions during concurrent user sessions in high-volume call centers.
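
The race described in the last bullet, as an added example that is not part of the original post: a per-org token cache in which only one thread refreshes an expiring token while concurrent callers wait and reuse the result. `OrgTokenCache`, `fetch`, `skew` and the org IDs are hypothetical names; `fetch` stands in for whatever client credentials request the app already makes and is assumed to return the token and its `expires_in` in seconds.

```python
import threading
import time
from typing import Callable, Dict, Optional, Tuple

# Hypothetical helper (not a Genesys Cloud API): one cached client-credentials
# token per org, refreshed by at most one thread at a time.
class OrgTokenCache:
    def __init__(self, fetch: Callable[[str], Tuple[str, float]],
                 skew: float = 30.0, clock: Callable[[], float] = time.monotonic):
        self._fetch = fetch      # assumed: org_id -> (access_token, expires_in seconds)
        self._skew = skew        # treat the token as expired this many seconds early
        self._clock = clock      # monotonic, so wall-clock jumps cannot extend a token
        self._tokens: Dict[str, Tuple[str, float]] = {}  # org_id -> (token, deadline)
        self._locks: Dict[str, threading.Lock] = {}
        self._guard = threading.Lock()                   # protects _locks only

    def _lock_for(self, org_id: str) -> threading.Lock:
        with self._guard:
            return self._locks.setdefault(org_id, threading.Lock())

    def _fresh(self, org_id: str) -> Optional[str]:
        entry = self._tokens.get(org_id)
        if entry and self._clock() < entry[1] - self._skew:
            return entry[0]
        return None

    def get(self, org_id: str) -> str:
        token = self._fresh(org_id)        # fast path, no lock taken
        if token:
            return token
        with self._lock_for(org_id):       # one refresher per org
            token = self._fresh(org_id)    # re-check: another thread may have refreshed
            if token:
                return token
            token, expires_in = self._fetch(org_id)
            self._tokens[org_id] = (token, self._clock() + expires_in)
            return token

    def invalidate(self, org_id: str, seen_token: str) -> None:
        """Drop the cached token after a 401, unless it was already replaced."""
        with self._lock_for(org_id):
            entry = self._tokens.get(org_id)
            if entry and entry[0] == seen_token:
                del self._tokens[org_id]
```

Local expiry tracking cannot see a token that was revoked before its deadline, so callers should pass the token they used to `invalidate()` when an API call returns 401 and then retry once with `get()`.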