Related to https://github.com/spring-projects/spring-security/issues/5200 and https://github.com/spring-projects/spring-security/pull/6352#discussion_r247270792

The OAuth 2.0 Introspection Response RFC allows a resource server to use a bearer token as authentication for an introspection request:

To prevent token scanning attacks, the endpoint MUST also require some form of authorization to access this endpoint, such as client authentication as described in OAuth 2.0 [RFC6749] or a separate OAuth 2.0 access token such as the bearer token described in OAuth 2.0 Bearer Token Usage [RFC6750]. The methods of managing and validating these authentication credentials are out of scope of this specification.
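The exchange the RFC describes, as an added example that is not part of the issue or of Spring Security's code: the resource server authenticates its introspection call with its own bearer token, and the endpoint rejects the call before looking at the submitted token when that credential is missing or wrong. All token values and the token store below are constructed for the example.

```python
"""RFC 7662 introspection, client and endpoint side, with bearer-token authentication."""
import hmac
import json
from urllib.parse import parse_qs

# Constructed sample data (not from the issue): the resource server's own access token,
# and one end-user token known to the authorization server.
RESOURCE_SERVER_TOKEN = "rs-access-token-constructed"
TOKEN_STORE = {
    "user-token-constructed": {
        "active": True, "scope": "read", "exp": 2_000_000_000, "aud": "https://api.example/",
    },
}


def build_introspection_request(token, rs_bearer_token):
    """Client side: POST form body per RFC 7662 s.2.1, authenticated per RFC 6750."""
    return {
        "method": "POST",
        "headers": {
            "Authorization": f"Bearer {rs_bearer_token}",
            "Content-Type": "application/x-www-form-urlencoded",
        },
        "body": f"token={token}",
    }


def handle_introspection(request):
    """Endpoint side: the caller MUST be authorized before the token is examined."""
    scheme, _, credential = request["headers"].get("Authorization", "").partition(" ")
    if scheme != "Bearer" or not hmac.compare_digest(credential, RESOURCE_SERVER_TOKEN):
        # Unauthenticated callers get a challenge and learn nothing about the token.
        return 401, {"WWW-Authenticate": "Bearer"}, ""
    token = parse_qs(request["body"]).get("token", [""])[0]
    # Unknown and revoked tokens both yield {"active": false}: no distinguishing oracle.
    record = TOKEN_STORE.get(token)
    body = record if record and record.get("active") else {"active": False}
    return 200, {"Content-Type": "application/json"}, json.dumps(body)


def introspect(token, rs_bearer_token):
    """Resource server helper: run the exchange and return the parsed introspection response."""
    status, _, body = handle_introspection(build_introspection_request(token, rs_bearer_token))
    if status != 200:
        raise PermissionError(f"introspection endpoint rejected the resource server: {status}")
    return json.loads(body)
```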

Comment From: jgrandja

@jzheaux This issue is quite old. Is it still valid?

Comment From: jzheaux

I've added some more detail to clarify that this is a currently unimplemented feature related to the introspection RFC.