František Svoboda

Yeah, sure. Sorry for the delay, I am now browsing through all my open issues, must have missed it back then

It is a simple 1:N model (say order+order items) and I am selecting the orders and some stats about the items. Django query: ``` self.request.user.orders.all() .order_by("-ts_initiated") .annotate(paid_total=Sum(F("b__money"))) .annotate(currency=F("b__money_currency")) .annotate( pending_cnt=Sum(...

Right. Sorry. I think the culprit is an annotate clause. Once I add that, the values disappear (from WHERE): `qs.annotate(abc=Concat("foo", Value(" "), "foo2"))`

I am not at liberty to post the thing as-is, so I will create a clean install of django and produce a minimal failing scenario.

Since the pentest is a regular occurrence, I think that would not be sustainable - to keep turning this off and on again and releasing to prod.

I could argue that protection against brute force attacks is not in the scope of this module, if that is what you're saying, but hey - who am I? If...

This request is about log messages being generated. I am working under the assumption, that the caller does not have access to the Oauth app's logs.

Yes, that would be great.

I would love to have the `extraHeaders ` param of `createClientProxy()` available too - we use it to pass request IDs from client to server and have to copy parts...

We would like to have the following setup: (I'm with @merxos) - scopeA: does not require consent - scopeB: requires consent Right now it is only possible to have either:...