13Ara
In the OAuth2 client credentials grant, why do we use tokens instead of authorizing directly at each API call?
Since we are dealing with server-to-server communication, couldn’t we just send the credentials at each API call?
Are any of the "control characters" legal? That is, are those in the range 0x00 to 0x1F legal? For instance, carriage return, line feed, tab, or zero? What about 0x7F?
The OIDC spec just says "The sub value is a case-sensitive …