Pieter Ennes
Pieter Ennes
I'm in favour of this as I'll be able to spend less time going forward.
If we do this, would this void or simplify #593 to a large extend? If so, then it might be the better direction in the first place?
> I think we can rely on the existence of the client_secret to define if they are confidential or public. I agree this is how it should be in practice,...
That would need to be a change done by the caller in the `RequestValidator` then, right? Would we get the same effect, but then for everyone, if we change the...
I also wonder if most people would wrap the whole request in a database transaction usually. I think this issue doesn't exist in that case...
My `__init__()` for an OIDC Server is indeed about 150 lines long...
The tagline in the top-level README also mentions Python 3.6.
> Suggestion 1) > We could update the endpoint.revocation.create_revocation_response to call request_validator.revoke_token(..) and raise invalid_grant if the call return False. Would that be the only possible error `revoke_token()` might want...
Makes me wonder if we should stop supporting OAuth1 in 3.0 or 4.0...
There's a [reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-lambda-function.html#cfn-lambda-function-vpcconfig) in the AWS docs to this: > When you specify the `VpcConfig` property, AWS CloudFormation might not be able to delete the stack if another resource in...