Adam Eijdenberg

I'm seeing this issue on 7.7.1 using `containerd` with the Helm chart (when using `runc` on `k3s` I see errors related to cgroups). I had Concourse deployed on `k3s`, and...

> FWIW, pausing the pipeline then un-pausing it after something longer than `resource.check_every` appears to fix this issue. I wanted to try this, but I'd cunningly set some of these...

Problem cleared itself up overnight with no intervention.

@AP-Hunt - I'm surprised to hear that Microsoft would issue tokens with different `issuer` strings if you're initiating the flow by sending the user to the `/authorize` endpoint specified in...

Notwithstanding the above, I just realised precisely what you mean - it's not just the docs that says `{tenantid}` in the URL, they actually bake that into the Issuer URL...

@46bit - don't mention `email_verified` to me - when users are created in UAA, `email_verified` is set to `true` by default, even if the so-called email address isn't actually one...

@AP-Hunt - one of the tricky things to get right with auth code like this is that while it's easy to verify that a security property change like this is...

I reverted https://github.com/tinygo-org/tinygo/commit/6435f62dcc34dd64ac7e5d57532e260a34d11c3e and built from source and verified that does resolve the issue in my environment.

UAA is most certainly doing the wrong thing by having their server not URL decode these, nor their various clients URL encode them. The RFC is unambiguous on this. I've...

@heikoettelbruecksap - I stand by the comment that the RFCs are unambiguous and do not contradict. [RFC6749#2.3.1 - Client Password](https://tools.ietf.org/html/rfc6749#section-2.3.1) states: > Clients in possession of a client password MAY...