Why is /oauth2/introspect private?


#1

As said in the topic, why is it on the admin port?

I’m not sure yet 🙂


#2

Because it contains sensitive information (like session data) and is for protected resources (APIs) from first parties. Don’t expose this to the public.
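
The setup described in post #2, as an added example that is not part of the thread and not the project's own code: the API (protected resource) calls `/oauth2/introspect` server-side over the internal network and hands its caller only the decision, never the raw reply. The stub server, the token values, the `ext` field contents and the names `introspect`, `authorize` and `demo` are constructed for illustration.

```python
import json
import threading
import urllib.parse
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

class StubAdmin(BaseHTTPRequestHandler):
    """Constructed stand-in for the admin port; "ext" plays the session data."""
    def do_POST(self):
        form = self.rfile.read(int(self.headers["Content-Length"])).decode()
        token = urllib.parse.parse_qs(form).get("token", [""])[0]
        if self.path == "/oauth2/introspect" and token == "good-token":
            reply = {"active": True, "sub": "user-1", "scope": "read",
                     "ext": {"session": "internal-only"}}
        else:
            reply = {"active": False}
        data = json.dumps(reply).encode()
        self.send_response(200)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def log_message(self, *args): pass  # keep the demo quiet

# Direct connection only: the call must stay on the internal network.
_direct = urllib.request.build_opener(urllib.request.ProxyHandler({}))

def introspect(admin_base, token):
    """Server-to-server form POST from the API to the introspection endpoint."""
    body = urllib.parse.urlencode({"token": token}).encode()
    req = urllib.request.Request(admin_base + "/oauth2/introspect", data=body)
    with _direct.open(req, timeout=5) as resp:
        return json.load(resp)

def authorize(admin_base, bearer, required_scope):
    """Return only the subject for an active token carrying the scope, else
    None. The full reply, session data included, never reaches the caller."""
    info = introspect(admin_base, bearer)
    ok = info.get("active") and required_scope in info.get("scope", "").split()
    return info.get("sub") if ok else None

CASES = [("good-token", "read"), ("good-token", "write"), ("forged", "read")]
def demo():
    with HTTPServer(("127.0.0.1", 0), StubAdmin) as server:  # loopback only
        threading.Thread(target=server.serve_forever, daemon=True).start()
        base = "http://127.0.0.1:%d" % server.server_port
        try:
            return [authorize(base, tok, scope) for tok, scope in CASES]
        finally:
            server.shutdown()
```

In a real deployment `admin_base` would be the internal address of the admin port (4445 in this thread), reachable only from the API hosts.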


#3

Please explain to me, or give a link to the docs, when to open 4445 for external access and if you would ever do this?

To explain more: I want to use minAdmin also as an OAuth2 provider for 3rd parties; will this work without 4445 or not?


#4

It’s easy: If you don’t know what you’re doing, don’t open 4445 to the public.


#5

Sounds like an answer. 🙂