Hi @aaronpk, what credentials should the RS use for the token introspection with the AS? These Okta blog posts on the CC flow all seem to use the client credentials. But isn't this bad?
https://developer.okta.com/blog/2020/11/18/build-a-graphql-nodejs-api
https://developer.okta.com/blog/2020/07/17/secure-node-api-with-koa
https://developer.okta.com/blog/2018/08/21/build-secure-rest-api-with-node
https://developer.okta.com/blog/2020/11/18/build-a-graphql-nodejs-api
https://developer.okta.com/blog/2020/07/17/secure-node-api-with-koa
https://developer.okta.com/blog/2018/08/21/build-secure-rest-api-with-node