Open leastprivilege opened 3 years ago
Maybe even the default mode.
Do you plan to remove these features in a future release to be compliant with the new spec ?
no
Possibly can be done as a config validator? Look into it (and maybe just emit warning logs).
We will re-review this during the 7.1 timeframe.
Once the OAuth 2.1 spec is out - what can we do to help consumers to stay within the recommended parameters?
warnings? errors? global switch?