From e0252003b7c785266d8b67b94113f165c05e4e11 Mon Sep 17 00:00:00 2001 From: Stian Thorgersen Date: Fri, 21 Apr 2017 11:11:43 +0200 Subject: [PATCH] Remove note that introspection endpoint is protected by bearer token as it's not --- securing_apps/topics/oidc/oidc-generic.adoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/securing_apps/topics/oidc/oidc-generic.adoc b/securing_apps/topics/oidc/oidc-generic.adoc index 9621af7706..d40188449d 100644 --- a/securing_apps/topics/oidc/oidc-generic.adoc +++ b/securing_apps/topics/oidc/oidc-generic.adoc @@ -67,7 +67,7 @@ The certificate endpoint returns the public keys enabled by the realm, encoded a /realms/{realm-name}/protocol/openid-connect/token/introspect .... -The introspection endpoint is used to retrieve the active state of a token. It is protected by a bearer token and can only be invoked by confidential clients. +The introspection endpoint is used to retrieve the active state of a token. It is can only be invoked by confidential clients. For more details see https://tools.ietf.org/html/rfc7662[OAuth 2.0 Token Introspection specification].