Is there documentation on the security for this endpoint?
The authentication is by client & secret
1.) Is the requirement that the endpoint authentication (basic authorization) must match the same client as the access_token was issued to? This seems to be the case as calling it and authenticating with a different client/agent & secret just returns active: false every time
2.) I have been unable to authenticate to this endpoint with a client/secret for an agent that is not in the root realm