cschanhniem commented on issue #13085: URL: https://github.com/apache/apisix/issues/13085#issuecomment-4917475751
Good find on the secret duplication in the introspection request — even with client_secret_basic configured, secrets leaking into the body adds unnecessary exposure. For repos managing AI/agent-contributed code touching auth flows, [AGENTOWNERS](https://github.com/agent-owners/agentowners) can help define policy around which agents may modify security-sensitive plugin config, ensuring human review is required before changes to authentication or secret-handling code. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
