How to verify credentials using an access token (no user context)?


#1

I’m working on implementing ASP.NET C# Single Page Application + Web API with OWIN for Twitter.

So a quick summary:
The SPA client opens a popup window of the Web API that, via the Owin-Twitter middleware, redirects the user to Twitter where he enters his username and password. Via back and forth of requests and responses, the Web API receives an authenticated access token from Twitter. The only reliable piece of data I have at this point is the access token.

So the question is:
Is there a way to verify an access token, that it was issued for such user and for such app/consumer?

After days of research, the only thing I have seen so far is:
GET account/verify_credentials
https://dev.twitter.com/rest/reference/get/account/verify_credentials
But thing is it requires a user context. I need a way that is workable with just an access token.

Any help would be greatly appreciated.


#2

What I have in mind as a direct solution is something along the lines of:
eg, for Facebook Auth: https://graph.facebook.com/debug_token?input_token={...}&access_token={...}
eg, for Google Auth: https://www.googleapis.com/oauth2/v1/tokeninfo?access_token={...}