Because an access token can expire at any time, the only way to validate a token is to try and use it. If there was an endpoint to validate an access token, it could return "yes, valid", the token could expire immediately after, and then when you try to use the token, it does not work.