17May
Is passing claims about the user in an access token "abusing" OpenID Connect?
First, let me assure you that I have read a number of posts on the topic before asking this question, but I am still confused and would appreciate more insights.
So, here’s the premise:
There is a client application that authenticates t…
