Chad Bentz

Results 15 comments of Chad Bentz

JWT is just a token format. Assuming a non-user-based call... Check out the OAuth2 Client credential grant flow (ex: [Twitter](https://dev.twitter.com/oauth/application-only)) as it defines with passing client secret...

The "SG0016 Controller method is vulnerable to CSRF" rule also conflicts with some newer patterns for auto-validating CSRF tokens in .NET Core. `Filters.Add(new AutoValidateAntiforgeryTokenAttribute());` Is there any pattern...

inspiration: https://plantuml.com/ascii-art

Any workaround to clear error? https://feedback.azure.com/forums/169401-azure-active-directory/suggestions/38510968-aad-b2c-add-support-for-ec-key-type-to-openid-con

Ever get this working or find a public sample with UserName instead of Email? Have same concern - don't want email to be unique (store in othermails). Would be nice...

Would it be OK to add [fss-advanced-security](https://github.com/orgs/advanced-security/teams/fss-advanced-security) maintainer status of this repo as well?

Awesome idea, can be a major pain point when dealing with multiple AAD's (especially multiple B2C instances) - having the ability to customize alias these in the extension would be...

Support for Windows and Mac ... but not Linux? Same error if I try to run in GH actions `ubuntu-latest` ```yml - name: install dotnet-core-uninstall env: GH_TOKEN: ${{ github.token }}...

Still getting this with VS2019 using [latest deployed extension 3.0.5](https://marketplace.visualstudio.com/items?itemName=VorSecurity.AuditNet) ... any plans to publish new? ![image](https://user-images.githubusercontent.com/1760475/115764574-b9e08e00-a373-11eb-8294-e45f0c095fc4.png) https://devblogs.microsoft.com/visualstudio/updates-to-synchronous-autoload-of-extensions-in-visual-studio-2019/