forgejo/release-notes/4724.md


			
				
				
					
						
						
						
							
							
							OIDC integrations that POST to `/login/oauth/introspect` without sending HTTP basic authentication will now fail with a 401 HTTP Unauthorized error. To fix the error, the client must begin sending HTTP basic authentication with a valid client ID and secret. This endpoint was previously authenticated via the introspection token itself, which is less secure.

						
						
					
				
				
					
						Reference in New Issue
					
					View Git Blame
					Copy Permalink