在OpenIdDict中使用客户端凭据时，指定的令牌无效是无效的

使用Asp.Net Core 5和OpenIdDict，我可以配置授权代码和客户端凭据：

services.AddOpenIddict()
  
  .AddCore(x => {
    x.UseEntityFrameworkCore().UseDbContext<Context>().ReplaceDefaultEntities<Application,Authorization,Scope,Token,Int32>();
  })

  .AddServer(x => {

    x.SetAuthorizationEndpointUris("/connect/authorize")
     .SetlogoutEndpointUris("/connect/logout")
     .SetTokenEndpointUris("/connect/token")
     .SetUserinfoEndpointUris("/connect/userinfo")
     .SetIntrospectionEndpointUris("/.well-kNown/openid-configuration");

    x.RegisterScopes(OpenIddictConstants.Scopes.Profile,OpenIddictConstants.Scopes.Email,OpenIddictConstants.Scopes.OfflineAccess);

    x.AllowAuthorizationCodeFlow()
     .AllowRefreshTokenFlow()
     .AllowClientCredentialsFlow();

    x.AddDevelopmentEncryptionCertificate().AddDevelopmentSigningCertificate();

    x.UseAspNetCore()
     .EnableAuthorizationEndpointPassthrough()
     .EnablelogoutEndpointPassthrough()
     .EnabletokenEndpointPassthrough()
     .EnableuserinfoEndpointPassthrough()
     .EnableStatusCodePagesIntegration();
    })

  .AddValidation(x => {
    x.UseLocalServer();
    x.UseAspNetCore();
  });

在API上，我有：

 services.AddOpenIddict()
  .AddValidation(x => {
    x.SetIssuer("https://localhost:5000");
      x.AddAudiences("api");
      x.UseIntrospection().SetClientId("api").SetClientSecret("SecretAPI");
      x.UseSystemNetHttp();
      x.UseAspNetCore();
    });

然后我有了客户端和API应用程序：

  OpenIddictApplicationDescriptor mvc = new OpenIddictApplicationDescriptor {
    ClientId = "mvc",ClientSecret = "SecretMVC",ConsentType = OpenIddictConstants.ConsentTypes.Explicit,Permissions = {
        OpenIddictConstants.Permissions.Endpoints.Token,OpenIddictConstants.Permissions.GrantTypes.ClientCredentials,OpenIddictConstants.Permissions.Prefixes.Scope + "api"
      }
    };

      
  OpenIddictApplicationDescriptor api = new OpenIddictApplicationDescriptor {
    ClientId = "api",ClientSecret = "SecretAPI",Permissions = {
      OpenIddictConstants.Permissions.Endpoints.Introspection
    }
  };

我可以使用Insomnia Rest Client和Client Credentials获得访问令牌。

但是当我使用给定的访问令牌调用API时，会出现以下错误：

Bearer error = "invalid_token",error_description = "The specified token is invalid."

为什么会这样？

更新

在日志中，我有以下内容：

[12:09:52 Debug] OpenIddict.Validation.OpenIddictValidationdispatcher
The event OpenIddict.Validation.OpenIddictValidationEvents+HandleIntrospectionResponseContext was marked as rejected by OpenIddict.Validation.OpenIddictValidationHandlers+HandleErrorResponse`1[[OpenIddict.Validation.OpenIddictValidationEvents+HandleIntrospectionResponseContext,OpenIddict.Validation,Version=3.0.0.0,Culture=neutral,PublicKeyToken=35a561290d20de2f]].

[12:09:52 Debug] OpenIddict.Validation.OpenIddictValidationdispatcher
An error occurred while introspecting the token.
OpenIddict.Abstractions.OpenIddictExceptions+GenericException: An error occurred while handling the introspection response.
  Error: invalid_request
  Error description: The specified HTTP method is not valid.
  Error URI:
   at OpenIddict.Validation.OpenIddictValidationService.<>c__displayClass5_0.<<IntrospectTokenAsync>g__HandleIntrospectionResponseAsync|3>d.MoveNext()
--- End of stack trace from prevIoUs location ---
   at OpenIddict.Validation.OpenIddictValidationService.IntrospectTokenAsync(Uri address,String token,String type,CancellationToken cancellationToken)
   at OpenIddict.Validation.OpenIddictValidationService.IntrospectTokenAsync(Uri address,CancellationToken cancellationToken)
   at OpenIddict.Validation.OpenIddictValidationHandlers.IntrospectToken.HandleAsync(ProcessAuthenticationContext context)

[12:09:52 Debug] OpenIddict.Validation.OpenIddictValidationdispatcher
The event OpenIddict.Validation.OpenIddictValidationEvents+ProcessAuthenticationContext was successfully processed by OpenIddict.Validation.OpenIddictValidationHandlers+IntrospectToken.

解决方法