Actually this morning I used the authorize endpoint to get a SPA token
then I sent a post request in the postman to the introspect endpoint with the access token in the authentication header, the response status is 200. Everything is fine.
However, after a while, I tried again to get a new token and send to introspect endpoint, every time the response status is 403 forbidden. But the access token can be parsed by the jwt.io debugger correctly.
So that means the same operation but only work for the very first time. (note: I also tried different nonce and state, but the result is 403 forbidden)
Any idea about this?
Thanks & Regards,