Ory is the largest open source community in the world for cloud software application security. We maintain advanced open source security software solving authentication, authorization, access control, application network security, and delegation. Ory implements a variety of industry and best-practice standards including OAuth 2.0 / OAuth 2.1, OpenID Connect, Zero Trust Networking, Google Zanzibar Policy Framework, FIDO2 U2F, WebAuthn, TOTP, and more.

Ory Community

Hi there,
I've been setting up Hydra locally (using Docker, v2.2.0-rc.2) with the auth code flow &amp; OIDC, and managed to get my (opaque) tokens from the `/oauth2/token` endpoint.
However I'm not able to introspect the access or refresh tokens, either by using the API or the `hydra introspect token` cmd from within the Hydra container.
I'm only getting `{"active": false}` and Hydra logs have `message:request_unauthorized reason:Check that you provided valid credentials in the right format. status:Unauthorized status_code:401`.
I tried to make it work many different ways, using `client_id`/`client_secret` as `x-www-form-urlencoded` params along with the `token`, as an `Authentication: Basic` header, without any auth at all. But since it doesn't even work from the command line I'm not sure it's an endpoint authentication issue. May anyone know what could be wrong please?