diff --git a/README.md b/README.md index 7a5175a8e78..d952e3e0e63 100644 --- a/README.md +++ b/README.md @@ -147,11 +147,9 @@ hydra The **[tutorial](https://ory-am.gitbooks.io/hydra/content/demo.md)** teaches you to set up Hydra, a RethinkDB instance and an exemplary identity provider written in React using docker compose. -It will take you about 5 minutes to get complete the **[tutorial](https://ory-am.gitbooks.io/hydra/content/demo.md)**. +It will take you about 5 minutes to get complete the **[tutorial](https://ory-am.gitbooks.io/hydra/content/demo.html)**. -OAuth2 Flow - -Running the example +OAuth2 Flow
@@ -163,7 +161,7 @@ OAuth2 and OAuth2 related specifications are over 200 written pages. Implementin
 Even if you use a secure SDK (there are numerous SDKs not secure by design in the wild), messing up the implementation is a real threat - no matter how good you or your team is. To err is human.
-An in-depth list of security features is listed [in the security guide]().
+An in-depth list of security features is listed [in the security guide](https://ory-am.gitbooks.io/hydra/content/basics/security.html).
 ## Reception
diff --git a/cmd/server/handler_oauth2_factory.go b/cmd/server/handler_oauth2_factory.go
index 66ce26349d8..9a3c72f40d6 100644
--- a/cmd/server/handler_oauth2_factory.go
+++ b/cmd/server/handler_oauth2_factory.go
@@ -17,6 +17,7 @@ import (
 "github.com/ory-am/hydra/pkg"
 "golang.org/x/net/context"
 r "gopkg.in/dancannon/gorethink.v2"
+ "github.com/ory-am/hydra/herodot"
 )
 func injectFositeStore(c *config.Config, clients client.Manager) {
@@ -122,6 +123,7 @@ func newOAuth2Handler(c *config.Config, router *httprouter.Router, km jwk.Manage
 consentURL, err := url.Parse(c.ConsentURL)
 pkg.Must(err, "Could not parse consent url %s.", c.ConsentURL)
+ ctx := c.Context()
 handler := &oauth2.Handler{
 ForcedHTTP: c.ForceHTTP,
 OAuth2: o,
@@ -132,6 +134,14 @@ func newOAuth2Handler(c *config.Config, router *httprouter.Router, km jwk.Manage
 DefaultIDTokenLifespan: c.GetIDTokenLifespan(),
 },
 ConsentURL: *consentURL,
+ Introspector: &oauth2.LocalIntrospector{
+ OAuth2: o,
+ AccessTokenLifespan: c.GetAccessTokenLifespan(),
+ Issuer : c.Issuer,
+
+ },
+ Firewall: ctx.Warden,
+ H: &herodot.JSON{},
 }
 handler.SetRoutes(router)
diff --git a/sdk/client.go b/sdk/client.go
index 9708395a7e3..079ec32c264 100644
--- a/sdk/client.go
+++ b/sdk/client.go
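Review bot: `Firewall: ctx.Warden` in the third hunk of handler_oauth2_factory.go is wired into the handler without any check that `c.Context()` returned a non-nil Warden, and this field is presumably what authorizes callers of the newly added introspection support. How `c.Context()` initialises the Warden is not visible in the diff, so a startup guard before the literal, for example `if ctx.Warden == nil { pkg.Must(errors.New("warden is not initialized"), "Could not set up the OAuth2 handler.") }`, would turn a misconfiguration into a startup failure instead of a nil dereference or a missing access check at request time. In the same literal, `Issuer : c.Issuer,` followed by an empty line is not gofmt-clean; it should read `Issuer: c.Issuer,` with the blank line dropped. newOAuth2Handler starts and ends outside the hunk.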
@@ -11,6 +11,7 @@ import (
 "github.com/ory-am/hydra/jwk"
 "github.com/ory-am/hydra/pkg"
 "github.com/ory-am/hydra/policy"
+ hoauth2 "github.com/ory-am/hydra/oauth2"
 "github.com/ory-am/hydra/warden"
 "golang.org/x/net/context"
 "golang.org/x/oauth2"
@@ -44,6 +45,8 @@ type Client struct {
 // Warden offers Access Token and Access Request validation strategies.
 Warden *warden.HTTPWarden
+ Introspector *hoauth2.HTTPIntrospector
+
 http *http.Client
 clusterURL *url.URL
 clientID string
@@ -115,6 +118,11 @@ func Connect(opts ...option) (*Client, error) {
 Client: c.http,
 }
+ c.Introspector = &hoauth2.HTTPIntrospector{
+ Endpoint: pkg.JoinURL(c.clusterURL, hoauth2.IntrospectPath),
+ Client: c.http,
+ }
+
 c.JWK = &jwk.HTTPManager{
 Endpoint: pkg.JoinURL(c.clusterURL, "/keys"),
 Client: c.http,
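Review bot: The new exported field `Introspector` in the `Client` struct (second hunk of sdk/client.go) has no doc comment, while the neighbouring `Warden` field has one. A line such as `// Introspector offers OAuth2 token introspection through the cluster's introspection endpoint.` would match the style of the struct. The comment is also the place to record that, as set up in `Connect`, it reuses `c.http`, so introspection requests presumably carry the same client credentials as the other managers; how `c.http` is built is not visible here. Both the struct and `Connect` start outside these hunks.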