@token= xLPcJ3tobDqGUDxIVTxWt2p7w_odZSV22IAlUf5QPZU.YD6R_xKQ2ldCLbEV7mmc01E6ZLzemzdEC5H4-otTMPg  
  
### userinfo  
GET https://openid.hydra:9001/userinfo  
Authorization: Bearer {{token}}  
  
### introspect  
POST https://openid.hydra:9002/oauth2/introspect  
Content-Type: application/x-www-form-urlencoded  
  
token={{token}}  
&scope=openid+photos.read  

PS:&scope=openid+photos.read can remove.

But you use REST Client need fix. Put session data by yourself.

  
### accept conent scope  
PUT https://192.168.99.100:9002/oauth2/auth/requests/consent/accept?consent_challenge={{consent_challenge}}  
Content-Type: application/json  
  
{  
  "grant_scope": ["openid", "photos.read"],  
  "session": {  
    "access_token": { "foo": "bar" },  
    "id_token": { "baz": "bar" }  
  }  
}  

Try and watch many document. Can’t get real why. Official Website no any discuss.