> Somehow. This word, revoke. It appears in OIDC exactly twice. You can look it up yourself. In order to get a new access token, you have to hit an authorization server URL, not an application server URL, with your…
> Regarding that last, there's a lot of brainpower put towards edge cases and security in the OAuth working group This is obviously why people should adopt OIDC. I don't really get the hate for OIDC. Nothing says…
> Somehow. This word, revoke. It appears in OIDC exactly twice. You can look it up yourself. In order to get a new access token, you have to hit an authorization server URL, not an application server URL, with your…
> Regarding that last, there's a lot of brainpower put towards edge cases and security in the OAuth working group This is obviously why people should adopt OIDC. I don't really get the hate for OIDC. Nothing says…