From e68b9d00a6e05b3a941f63ffb696f91e554ac5ec Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 18 Oct 2024 20:33:49 +0200 Subject: Adding upstream version 9.0.3. Signed-off-by: Daniel Baumann --- release-notes/4724.md | 1 + 1 file changed, 1 insertion(+) create mode 100644 release-notes/4724.md (limited to 'release-notes/4724.md') diff --git a/release-notes/4724.md b/release-notes/4724.md new file mode 100644 index 0000000..4037c71 --- /dev/null +++ b/release-notes/4724.md @@ -0,0 +1 @@ +OIDC integrations that POST to `/login/oauth/introspect` without sending HTTP basic authentication will now fail with a 401 HTTP Unauthorized error. To fix the error, the client must begin sending HTTP basic authentication with a valid client ID and secret. This endpoint was previously authenticated via the introspection token itself, which is less secure. -- cgit v1.2.3