This PR introduces the following configuration options for use when configuring the listener:
oauth.server.bearer.token
oauth.server.bearer.token.location
The authentication configuration rules for configuring the introspection endpoint have been relaxed. Introspection endpoint can now be unprotected (no authentication configured on the listener) or it can be protected with oauth.client.id and oauth.client.secret to send BasicAuthorization header or with the oauth.server.bearer.token or oauth.server.bearer.token.location when sending BearerAuthorization header.
JWKS endpoint can now also be protected in the same way.
This PR introduces the following configuration options for use when configuring the listener:
oauth.server.bearer.token
oauth.server.bearer.token.location
The authentication configuration rules for configuring the introspection endpoint have been relaxed. Introspection endpoint can now be unprotected (no authentication configured on the listener) or it can be protected with
oauth.client.id
andoauth.client.secret
to sendBasic
Authorization
header or with theoauth.server.bearer.token
oroauth.server.bearer.token.location
when sendingBearer
Authorization
header.JWKS endpoint can now also be protected in the same way.