stephenagreer
commented
1 year ago Looks good to me. We should get a list together of all the places we remove the csrf gem from apps we've integrated with nitro ID to line up with the new release.
I don't think any apps use it currently. example-rails-app and tempo are currently using GET as the OAuth request method.
We shouldn't be using GET requests for OAuth requests. This prevents that and adds a token verifier.