I'd say so. Token introspection endpoint is not listed in OpenID Connect Discovery, but is in OAuth Discovery as introspection_endpoint [1]. So we should remove token_introspection_endpoint. [1] https://tools.ietf.org/html/draft-ietf-oauth-discovery-06 On Fri, 11 Jan 2019 at 15:24, Thomas Darimont < thomas.darimont(a)googlemail.com&gt; wrote: > Hello, > > I just noticed that the .well-known/openid-configuration contains 2 links > for the token_introspection_endpoint is this a bug? > > Cheers, > Thomas > > { > "issuer": "https://sso.example.com/auth/realms/master", > "authorization_endpoint": " > https://sso.example.com/auth/realms/master/protocol/openid-connect/auth ", > "token_endpoint": " > https://sso.example.com/auth/realms/master/protocol/openid-connect/token ", > * "token_introspection_endpoint": " > > https://sso.example.com/auth/realms/master/protocol/openid-connect/token/... > ", > "userinfo_endpoint": " > https://sso.example.com/auth/realms/master/protocol/openid-connect/userinfo > ", > "end_session_endpoint": " > https://sso.example.com/auth/realms/master/protocol/openid-connect/logout > ", > "jwks_uri": " > https://sso.example.com/auth/realms/master/protocol/openid-connect/certs ", > "check_session_iframe": " > > https://sso.example.com/auth/realms/master/protocol/openid-connect/login-... > ", > ... > "tls_client_certificate_bound_access_tokens": true, > * "introspection_endpoint": " > > https://sso.example.com/auth/realms/master/protocol/openid-connect/token/... > " > } > _______________________________________________ > keycloak-dev mailing list > keycloak-dev(a)lists.jboss.org > https://lists.jboss.org/mailman/listinfo/keycloak-dev > _______________________________________________ keycloak-dev mailing list keycloak-dev(a)lists.jboss.org https://lists.jboss.org/mailman/listinfo/keycloak-dev