I’m trying to setup an internal endpoint to introspect tokens but it seems that is not possible for public clients as they have no secret.
I’ve tried to check what Hydra does but couldn’t find where the
NewIntrospectionRequest is called or how this is implemented as in the docs for hydra doesn’t require Authorization headers. (https://www.ory.sh/hydra/docs/guides/oauth2-token-introspection)
Ideally I will put this not through the API and to be an RPC call instead but not able to figure out how to implement it.
Did anyone did this? Any ideas on how get this to work without authorization?