RFC 7662 does not define a way to authenticate at the Authorization Server. Some real world examples: - FusionAuth [does not require authentication at all](https://fusionauth.io/docs/v1/tech/oauth/endpoints/#introspect) - IdentityServer [does not use the client secret for authentication](https://identityserver4.readthedocs.io/en/latest/endpoints/introspection.html). Instead, you have to configure an API secret for this.
RFC 7662 does not define a way to authenticate at the Authorization Server. Some real world examples: