diff --git a/src/main/java/com/monkeyk/sos/web/controller/OAuthRestController.java b/src/main/java/com/monkeyk/sos/web/controller/OAuthRestController.java
index 4d6e2d0..7c52f4a 100644
--- a/src/main/java/com/monkeyk/sos/web/controller/OAuthRestController.java
+++ b/src/main/java/com/monkeyk/sos/web/controller/OAuthRestController.java
@@ -87,14 +87,18 @@ public class OAuthRestController implements InitializingBean, ApplicationContext
 
     /**
      * Verify access_token
+     * <p/>
+     * Ext. from CheckTokenEndpoint
      *
-     * @param value token
+     * @param value    token
+     * @param clientId client_id
      * @return Map
      * @see org.springframework.security.oauth2.provider.endpoint.CheckTokenEndpoint
+     * @since 1.0
      */
     @RequestMapping(value = "/oauth/check_token", method = RequestMethod.POST)
     @ResponseBody
-    public Map<String, ?> checkToken(@RequestParam("token") String value) {
+    public Map<String, ?> checkToken(@RequestParam("token") String value, @RequestParam("client_id") String clientId) {
 
         OAuth2AccessToken token = resourceServerTokenServices.readAccessToken(value);
         if (token == null) {
@@ -105,7 +109,16 @@ public class OAuthRestController implements InitializingBean, ApplicationContext
             throw new InvalidTokenException("Token has expired");
         }
 
+        ClientDetails clientDetails = clientDetailsService.loadClientByClientId(clientId);
+        if (clientDetails == null) {
+            throw new InvalidClientException("client_id was not recognised");
+        }
+
         OAuth2Authentication authentication = resourceServerTokenServices.loadAuthentication(token.getValue());
+        final String authClientId = authentication.getOAuth2Request().getClientId();
+        if (!clientId.equals(authClientId)) {
+            throw new InvalidClientException("Given client ID does not match authenticated client");
+        }
         return accessTokenConverter.convertAccessToken(token, authentication);
     }
 
diff --git a/src/main/webapp/WEB-INF/jsp/clientdetails/test_client.jsp b/src/main/webapp/WEB-INF/jsp/clientdetails/test_client.jsp
index 6689e2a..fa91c3b 100644
--- a/src/main/webapp/WEB-INF/jsp/clientdetails/test_client.jsp
+++ b/src/main/webapp/WEB-INF/jsp/clientdetails/test_client.jsp
@@ -149,6 +149,25 @@
             </div>
         </c:if>
 
+        <div class="panel panel-default">
+            <div class="panel-heading">Verify [access_token]</div>
+            <div class="panel-body">
+                <p class="text-muted">输入access_token 后点击链接地址.</p>
+                access_token: <input type="text" ng-model="accessToken" required="required" size="70"
+                                     placeholder="access_token"/>
+
+                <br/>
+
+                <form action="${contextPath}/oauth/check_token?token={{accessToken}}&client_id={{clientId}}"
+                      method="post" target="_blank">
+                    <button class="btn btn-link" type="submit">
+                        /oauth/check_token?token={{accessToken}}&client_id={{clientId}}
+                    </button>
+                    <span class="label label-warning">POST</span>
+                </form>
+            </div>
+        </div>
+
         <div class="text-center">
             <a href="${contextPath}/client_details" class="btn btn-default">Back</a>
         </div>
@@ -174,6 +193,7 @@
         $scope.password = "mobile";
         //a temp value
         $scope.refreshToken = "1156ebfe-e303-4572-9fb5-4459a5d46610";
+        $scope.accessToken = "e2996930-8398-44fd-8de5-7d1b1624ced7";
 
     }];
 </script>
diff --git a/src/main/webapp/resources/api/SOS_API-1.0.html b/src/main/webapp/resources/api/SOS_API-1.0.html
index b4249ca..89c022a 100644
--- a/src/main/webapp/resources/api/SOS_API-1.0.html
+++ b/src/main/webapp/resources/api/SOS_API-1.0.html
@@ -34,6 +34,7 @@
             </li>
             <li class="list-group-item"><a href="#getTokenCred">获取access_token (grant_type=client_credentials)</a></li>
             <li class="list-group-item"><a href="#getTokenRest">获取access_token (Restful API)</a></li>
+            <li class="list-group-item"><a href="#verifyToken">校验access_token</a></li>
             <li class="list-group-item"><a href="#refreshToken">刷新access_token (grant_type=refresh_token)</a></li>
             <li class="list-group-item"><a href="#userInfoUnity">获取当前用户信息 (ROLE_UNITY)</a></li>
             <li class="list-group-item"><a href="#userInfoMobile">获取当前用户信息 (ROLE_MOBILE)</a></li>
@@ -418,6 +419,77 @@
                 </li>
             </ul>
         </div>
+        <div class="well well-sm" id="verifyToken">
+            <h3>校验access_token
+                <small class="badge">public</small>
+            </h3>
+
+            <p class="text-muted">校验, 检查access_token的有效性</p>
+
+            <ul class="list-group">
+                <li class="list-group-item">
+                    <p>
+                        请求URI: <code>/oauth/check_token</code> <span
+                            class="label label-warning">POST</span>
+                    </p>
+
+                    <div>
+                        请求参数说明:
+                        <table class="table table-bordered">
+                            <thead>
+                            <tr>
+                                <th>参数名</th>
+                                <th>参数值</th>
+                                <th>必须?</th>
+                                <th>备注</th>
+                            </tr>
+                            </thead>
+                            <tbody>
+                            <tr>
+                                <td>token</td>
+                                <td>{access_token}</td>
+                                <td>是</td>
+                                <td></td>
+                            </tr>
+                            <tr>
+                                <td>client_id</td>
+                                <td>{client_id}</td>
+                                <td>是</td>
+                                <td></td>
+                            </tr>
+                            </tbody>
+                        </table>
+                        请求示例:
+                        <p>
+                            <code>http://localhost:8080/spring-oauth-server/oauth/check_token?token=e2996930-8398-44fd-8de5-7d1b1624ced7&client_id=mobile-client</code>
+                        </p>
+
+                    </div>
+                    <br/>
+
+                    <strong>响应</strong>
+
+                    <ul class="list-group">
+                        <li class="list-group-item">
+                            <p>
+                                正常 [200]<br/>
+                                <mark>
+                                    {"aud":["mobile-resource"],"exp":1505878459,"user_name":"mobile","authorities":["ROLE_MOBILE","ROLE_USER"],"client_id":"mobile-client","scope":["read","write"]}
+                                </mark>
+                            </p>
+                        </li>
+                        <li class="list-group-item">
+                            <p>
+                                异常 [401]<br/>
+                                <mark>
+                                    {"error":"invalid_token","error_description":"Token was not recognised"}
+                                </mark>
+                            </p>
+                        </li>
+                    </ul>
+                </li>
+            </ul>
+        </div>
 
         <div class="well well-sm" id="refreshToken">
             <p class="pull-right"><a href="">返回</a></p>