Done, but keep in mind that now revoking / rotating a signing key won't have any effect on the introspect endpoint, therefore treating JWTs signed with an rotated out signing key are still...
Theoretically yes, but per security consideration, the following is stated:
Updated the docs to properly reflect that
Ok, I'll remove it then, and additionally I'll check and "separate" the token.user check from that call as this only indicates if the token is active, not if the caller has access to it. Imo in...
Just a quick search:
Well sure it's some kind of asymmetric, maybe it would be possible to add the introspect scope check only to the bearer functionality. Otherwise it would be possible for anyone getting an...