Calls to the OAuth2 /introspect endpoint generate an access audit event but the audit tracking ID of the access token or refresh token presented is not included in this audit event.
Due to this, we cannot correlate the audit event for the call to the /introspect with other audit events relating to the presented token.
- Install AM and setup OAuth2 provider + OAuth2 client
- Obtain an access token
- Call the /introspect endpoint with the access token