leastprivilege.com
Fixing OAuth 2.0 with OpenID Connect?
I didn’t like Nat’s Fixing OAuth? post. “For protecting a resource with low value, current RFC6749 and RFC6750 with an appropriate constraint should be good enough…For prote…