cschanhniem commented on issue #13085:
URL: https://github.com/apache/apisix/issues/13085#issuecomment-4917475751

   Good find on the secret duplication in the introspection request — even with 
client_secret_basic configured, secrets leaking into the body adds unnecessary 
exposure. For repos managing AI/agent-contributed code touching auth flows, 
[AGENTOWNERS](https://github.com/agent-owners/agentowners) can help define 
policy around which agents may modify security-sensitive plugin config, 
ensuring human review is required before changes to authentication or 
secret-handling code.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to