Bryan Talbot

In our use case, the iOS developers choose to use the hybrid client-server flow where the client never makes the 'authorize' phase request but instead makes the request using iOS...

I'm not the iOS developer but they claim that there is no place to pass one ... and where would they get the nonce from?

> when nonce is not supported, it shouldn't be verified. > when nonce is supported, and it's included in the original request, it should be veerified. The issue is that...

If that were the only logic then my use case would work and the new spec test would pass; however, that is not what the current implementation is. The current...

> According to my research, the nonce is only accessible when authentication occurs through the REST API or Apple JS. However, on other platforms like Native iOS, defining the nonce...

OmniAuth and its plugins are Rack middleware and do not require Rails. I see that there are some rails specific extensions being used in this PR which will break when...

Seems like the best way to ensure that rails extensions are not present is to not include them in any dependency; otherwise, how can you be sure?

I'd like to submit some PRs but I see there are many PRs with no response that are never merged. I don't want to waste my time with PRs if...

This change seems to be necessary for Rack 3.1 support but not sufficient. The rack.input is no longer required to be rewindable and can be closed (perhaps by some downstream...

So the problem is that _update_by_query cannot (or does not) remove the scroll cursors it used? I should think that scroll_current should be 0 if an _update_by_query has completed (and...