diff options
Diffstat (limited to 'release-notes/4724.md')
| -rw-r--r-- | release-notes/4724.md | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/release-notes/4724.md b/release-notes/4724.md new file mode 100644 index 0000000..4037c71 --- /dev/null +++ b/release-notes/4724.md @@ -0,0 +1 @@ +OIDC integrations that POST to `/login/oauth/introspect` without sending HTTP basic authentication will now fail with a 401 HTTP Unauthorized error. To fix the error, the client must begin sending HTTP basic authentication with a valid client ID and secret. This endpoint was previously authenticated via the introspection token itself, which is less secure. |