From b54598ed6c177578720eeb96360ba66611e4fac4 Mon Sep 17 00:00:00 2001
From: Quentin Gliech <quenting@element.io>
Date: Tue, 28 Jan 2025 10:02:06 +0100
Subject: [PATCH] Clarify why one would override the introspection_endpoint

---
 docs/setup/homeserver.md | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/docs/setup/homeserver.md b/docs/setup/homeserver.md
index a2c57e9b5..614d4b190 100644
--- a/docs/setup/homeserver.md
+++ b/docs/setup/homeserver.md
@@ -59,11 +59,14 @@ experimental_features:
     admin_token: "AnotherRandomSecret"
 
     # URL to advertise to clients where users can self-manage their account
-    account_management_url: "http://localhost:8080/account"
+    # Defaults to the URL advertised by MAS, e.g. `https://{public_mas_domain}/account/`
+    #account_management_url: "http://localhost:8080/account/"
 
-    # Optional URL to access from synapse in order to introspect oauth2 access tokens
-    # Defaults to `http://<public_mas_domain>/oauth2/introspect`
-    # introspection_endpoint: "http://localhost:8080/oauth2/introspect"
+    # URL which Synapse will use to introspect access tokens
+    # Defaults to the URL advertised by MAS, e.g. `https://{public_mas_domain}/oauth2/introspect`
+    # This is useful to override if Synapse has a way to call the auth service's
+    # introspection endpoint directly, skipping intermediate reverse proxies
+    #introspection_endpoint: "http://localhost:8080/oauth2/introspect"
 ```
 
 ## Set up the compatibility layer