Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

hey there
I am using a gateway in between my client and app server and the gateway does oauth introspection. Oryhydra is accepting client_id and client_secret in a client_secret_post and fetching the token from token endpoint for the gateway to introspect. Now I am running into an issue while I use the token to authenticate, for some reason.
What my gateway is doing is using the same client_id and client_secret as well.
I was confused with this <https://www.ory.sh/docs/hydra/guides/oauth2-token-introspection|doc page> where it says I need to use a key for the same? does it mean I need to use the key in the gateway to validate against the token introspection end point, instead of putting the client_id and client_secret in it?