diff --git a/docs/docs/endpoints/introspect.mdx b/docs/docs/endpoints/introspect.mdx
index bb1075b5..7c5f0723 100644
--- a/docs/docs/endpoints/introspect.mdx
+++ b/docs/docs/endpoints/introspect.mdx
@@ -23,6 +23,19 @@ app.post("/token/introspect", async (req: Express.Request, res: Express.Response
});
```
+### Configure
+
+Client credentials authentication is enabled by default. To disable, set `authenticateIntrospect` to `false`.
+
+```ts
+const authoriztionServer = new AuthorizationServer(
+ ...,
+ {
+ authenticateIntrospect: false,
+ }
+);
+```
+
### Request
A complete token introspection request will include the following parameters:
@@ -61,6 +74,22 @@ You can authenticate by passing the `client_id` and `client_secret` as a query s
```
+
+ ```ts
+ new AuthorizationServer(..., {
+ authenticateIntrospect: false,
+ })
+ ```
+
+ ```http request []
+ POST /token/introspect HTTP/1.1
+ Host: example.com
+ Content-Type: application/x-www-form-urlencoded
+
+ token=xxxxxxxxxx
+ &token_type_hint=refresh_token
+ ```
+
diff --git a/docs/docs/endpoints/revoke.mdx b/docs/docs/endpoints/revoke.mdx
index 62048b3d..82f3ad03 100644
--- a/docs/docs/endpoints/revoke.mdx
+++ b/docs/docs/endpoints/revoke.mdx
@@ -23,6 +23,19 @@ app.post("/token/revoke", async (req: Express.Request, res: Express.Response) =>
});
```
+### Configure
+
+Client credentials authentication is enabled by default. To disable, set `authenticateRevoke` to `false`.
+
+```ts
+const authoriztionServer = new AuthorizationServer(
+ ...,
+ {
+ authenticateRevoke: false,
+ }
+);
+```
+
### Request
A complete token revocation request will include the following parameters:
@@ -61,6 +74,23 @@ You can authenticate by passing the `client_id` and `client_secret` as a query s
```
+
+ ```ts
+ new AuthorizationServer(..., {
+ authenticateRevoke: false,
+ })
+ ```
+
+ ```http request []
+ POST /token/revoke HTTP/1.1
+ Host: example.com
+ Content-Type: application/x-www-form-urlencoded
+
+ token=xxxxxxxxxx
+ &token_type_hint=refresh_token
+ ```
+
+
diff --git a/docs/docs/grants/authorization_code.mdx b/docs/docs/grants/authorization_code.mdx
index 792360c0..dea31f70 100644
--- a/docs/docs/grants/authorization_code.mdx
+++ b/docs/docs/grants/authorization_code.mdx
@@ -105,7 +105,7 @@ The authorization server will respond with the following response
- **token_type** will always be `Bearer`
- **expires_in** is the time the token will live in seconds
- **access_token** is a JWT signed token and is used to authenticate into the resource server
-- **refresh_token** is a JWT signed token and can be used in with the [refresh grant](#refresh-token-grant)
+- **refresh_token** is a JWT signed token and can be used in with the [refresh grant](./refresh_token.mdx)
- **scope** is a space delimited list of scopes the token has access to
diff --git a/docs/docs/grants/password.mdx b/docs/docs/grants/password.mdx
index 1abcde02..37061780 100644
--- a/docs/docs/grants/password.mdx
+++ b/docs/docs/grants/password.mdx
@@ -70,7 +70,7 @@ The authorization server will respond with the following response
- **token_type** will always be `Bearer`
- **expires_in** is the time the token will live in seconds
- **access_token** is a JWT signed token and is used to authenticate into the resource server
-- **refresh_token** is a JWT signed token and can be used in with the [refresh grant](#refresh-token-grant)
+- **refresh_token** is a JWT signed token and can be used in with the [refresh grant](./refresh_token.mdx)
- **scope** is a space delimited list of scopes the token has access to
diff --git a/docs/docs/grants/refresh_token.mdx b/docs/docs/grants/refresh_token.mdx
index 5b808532..6d465d08 100644
--- a/docs/docs/grants/refresh_token.mdx
+++ b/docs/docs/grants/refresh_token.mdx
@@ -63,7 +63,7 @@ The authorization server will respond with the following response
- **token_type** will always be `Bearer`
- **expires_in** is the time the token will live in seconds
- **access_token** is a JWT signed token and is used to authenticate into the resource server
-- **refresh_token** is a JWT signed token and can be used in with the [refresh grant](#refresh-token-grant)
+- **refresh_token** is a JWT signed token and can be used in with the refresh grant (this one)
- **scope** is a space delimited list of scopes the token has access to
diff --git a/docs/docs/upgrade_guide.md b/docs/docs/upgrade_guide.md
index 99478cfd..abfd6a0a 100644
--- a/docs/docs/upgrade_guide.md
+++ b/docs/docs/upgrade_guide.md
@@ -48,7 +48,7 @@ In v3, `enableGrantType` has been updated for the **"authorization_code"** and *
#### Authorization Code Grant
-`AuthorizationCodeGrant` now requires a [AuthorizationCodeRepository](./getting_started/repositories.mdx#authorization-code-repository) and a [UserRepository](./getting_started/repositories.mdx#user-repository).
+`AuthorizationCodeGrant` now requires a [AuthorizationCodeRepository](./getting_started/repositories.mdx#auth-code-repository) and a [UserRepository](./getting_started/repositories.mdx#user-repository).
**Before (v2.x):**