Security Considerations #131

Open
@PieterKas

Should we add language that the assertion is not constrained and should be protected?

Point out that this is a risk if there is no client authentication.

Aaron addresses it in his profile (client_id is included as a claim in the assertion claim).
