Brian Pontarelli

Ah. Got it now. That's quite the limitation of the JS system and it makes no sense that the system would be rounding UP. That's just crazy talk. Honestly, I've...

Have you all reviewed the Open API specification? We are likely going to be moving to Open API here soon, so take a look there and let us know what...

I checked the standard Sony login page and it is still using OAuth. I'd be very surprised if they deprecated all of the PSN login support. It also looks like...

A good example is something like this (application is synonymous with client): 1. Application uses Personal (i.e. human clicking) OAuth flow to get an access token and refresh token 2....

@njwatson32 - a grace period would certainly work. However, that type of solution should be configurable and will require some testing. It's similar in nature to a thread-safety issue where...

@dickhardt - Ah. That makes sense. Though leaking keys and refresh tokens is still an issue. But it would at least reduce some threat vectors. However, I would only make...

@dickhardt - ah the challenge of getting customers to use features. WebAuthn is still at less than 10% adoption still. And some customers still don't use PCKE. As a vendor,...

@dickhardt - agreed on all of that. Just want to give choices and options and only use the word "MUST" when absolutely necessary. 😁

We have a fix prepared in this PR: https://github.com/FusionAuth/java-http/pull/17 I'm hoping to get a release rolled today and pull the new version into a few FusionAuth projects soon. It will...