#ZegnatFor Introspection? Not really. As long as the endpoint is not giving any information that IndieAuth was not already providing to clients anyway, there is no problem with the access token for the introspection endpoint being the same as the token you are inspecting