Okta Doesn't Log All OAuth Endpoints in System Log - /introspect /userinfo /keys

This article clarifies which Open Authorization (OAuth) endpoints do not appear in the System Log.

• /introspect
• /userinfo
• /keys
• System Log
• Open Authorization (OAuth)
• OpenID Connect / OAuth 2.0
• Okta Classic Engine
• Okta Identity Engine (OIE)

Certain endpoints do not generate events in the System Log. This includes the following:

• /introspect
• /userinfo
• /keys

Only token creation (minting) events, such as app.oauth2.token.grant.access_token, are logged. These logs indicate when an access token was issued for a specific <client_id>, but they do not capture when or how often the token was introspected.

To monitor or limit the usage of these endpoints, use the following methods:

• Review application or Application Programming Interface (API) gateway logs to track outgoing requests to /introspect.
• Implement local token validation to reduce dependency on the /introspect endpoint and avoid rate-limit issues.
• To monitor rate limits, check the rate-limit metrics for each OAuth client in the Okta Admin Console using the following query: eventType co "system.rate.limit" and target.id eq "client Id".