I feel logical bugs around OAuth/OIDC/JWT handling are on the rise - and they are like the login form SQL injections of the past („be whoever you want to be“).
Love those standards and their capabilities - but are they getting too complicated?