Jack Ussher-Smith

@jphines - ready for re-review. Main new logic changes consist of the change to the raised error if an unauthorised upstream is being requested to better handle the graceful introduction...

Hi @cameronattard! Thanks for creating this issue. I don’t think this is something that we have the capacity to implement right now, but we’d be happy to accept and work...

Hey @HonlinRen 👋, Assuming you've not made any local changes, could I just confirm which commit you're working from? The `TestSignatureRoundTripDecoding` test passes locally for me on both the `3.0.0`...

Hey @omerxx, Thank you for submitting this, and I'm sorry for the difficulties you've faced; I appreciate you sticking with it and working through the problem though! While I haven't...

Hi @namm2 (and @svenmueller!). Thanks for sending this through, and apologies for not getting back to you yet. I'll be taking some time next week to properly work through this...

Hi @namm2, Would you mind confirming that the email address set in the `PROVIDER_*_GOOGLE_IMPERSONATE` (that is going by SSO `v2.0.0` config vars, I believe it was `GOOGLE_ADMIN_EMAIL` before that) environment...

Hi @omerlh! 👋 Thanks for sending this through. As you mentioned, the configuration library that we're now making use of (as of `v2.0.0`) should help with this! I believe we're...

Looking back through this, I have some new thoughts: Allowing the _only_ defined validator to be used with a wildcard isn't new to SSO, and also actually remains possible using...

Marked as ready for review, but see Notes in description.

This looks great @sporkmonger, and thank you for your patience! I've left some comments to start with!