When requesting an access token via the Authorization Code Grant flow, the integration key provided in the Authorization header is not being validated.

For testing, I intentionally sent an invalid or even empty integration key in the header, but the /oauth/token endpoint still returned a 200 OK with a valid access_token and refresh_token.
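
An added example, not part of the original post and not the provider's code: a sketch of the client-authentication check a token endpoint is expected to make for this grant, rejecting a missing, empty, or unknown integration key with `invalid_client` before any authorization code is redeemed. It assumes the header is HTTP Basic carrying `integration_key:secret`; the handler name, client table, and all values are constructed for illustration.

```python
import base64
import hmac

# Constructed sample data (not real credentials).
CLIENTS = {"ik-demo-1234": "demo-secret"}        # integration key -> secret
AUTH_CODES = {"code-abc": "ik-demo-1234"}        # code -> key it was issued to


def basic_header(key, secret):
    """Build an HTTP Basic Authorization header value."""
    return "Basic " + base64.b64encode(f"{key}:{secret}".encode()).decode()


def parse_basic(header):
    """Return (key, secret) from a Basic header, or None if missing/malformed."""
    scheme, _, value = (header or "").partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        decoded = base64.b64decode(value.strip(), validate=True).decode("utf-8")
    except ValueError:  # bad base64 or bad UTF-8
        return None
    key, sep, secret = decoded.partition(":")
    return (key, secret) if sep and key else None


def token_endpoint(authorization_header, code):
    """Hypothetical handler for grant_type=authorization_code."""
    creds = parse_basic(authorization_header)
    if creds is None:
        return 401, {"error": "invalid_client"}
    key, secret = creds
    expected = CLIENTS.get(key)
    # Constant-time comparison; unknown keys compare against a dummy value.
    match = hmac.compare_digest(secret.encode(), (expected or "\0").encode())
    if expected is None or not match:
        return 401, {"error": "invalid_client"}
    # Codes are single use and bound to the client they were issued to.
    if AUTH_CODES.pop(code, None) != key:
        return 400, {"error": "invalid_grant"}
    return 200, {"access_token": "constructed-token", "token_type": "Bearer"}
```

Rejected client authentication leaves the authorization code unconsumed, so a failed request with a bad key does not burn a legitimate client's code.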
