Damian Schenkelman

I personally prefer CTRl + C. Feels more intuitive for most C# devs. Open to other opinions of course.

https://github.com/jaredhanson/passport-openidconnect/pull/16

I also took a look at Hapi.js source and they are using the `http` module which as you said uses `query string` under the covers.

Wow, that's a huge difference.

@yonjah thanks for the PR. I'm a bit backed up at work but will try to make some time to review

@ryanfitz thanks for the suggestion, but unfortunately that would not work for us :( We have a scenario in which users can create an arbitrary number of applications, each with...

@ryanfitz should I close this one?

@eventhough that's exactly what the PR does. Here's how it works: https://github.com/auth0/hapi-auth-jwt/issues/3#issuecomment-70019337

@nelsonic I see what you mean and we address that in a different way (the DDoS). How would the session id work? - We need to verify the validity of...

@nelsonic there's something I don't understand, would you give the same secret to all users? How do you know which secret to use to verify? Regarding DDoS mitigation: something like...