Verify access_token not active with keycloak

[goffity]

I use the plugin openid-connect. To verify the validity of the access_token, this step can work normally. However, I would like to know how to check whether this access_token is still active. Initially, I tried using Keycloak's API token introspection (introspection_endpoint) to check and got the response {"active": "false"} But when I tried to call the request through Apisix, I still found that I could use that access_token to access the resource.

openid-connect configuration

"openid-connect": {
      "_meta": {
        "disable": false
      },
      "bearer_only": true,
      "client_id": "${CLIENT_ID}",
      "client_secret": "${SECRET}",
      "discovery": "https://${HOST}/realms/dev/.well-known/openid-configuration",
      "introspection_endpoint": "https://${HOST}/realms/dev/protocol/openid-connect/token/introspect",
      "introspection_endpoint_auth_method": "client_secret_basic",
      "realm": "dev",
      "scope": "openid profile"
    },