Kévin Chalet

> OpenIddict/ASOS would be a more suitable alternative, since it's open source under MIT licence and not some proprietary license with no predictability of legal decisions. @TsengSR FYI, ASOS was...

As mentioned in https://github.com/aspnet-contrib/AspNet.Security.OpenId.Providers/pull/126#pullrequestreview-968320799, this project is not funded and no longer actively developed (not to mention OpenID 2.0 is basically a dead protocol). That said, if you're interested in...

Nice to see that happening 👍🏻 Something worth noting (but I'm sure it was already mentioned): unlike the legacy/implementation-specific `actort` claim, the standard `act` claim defined by the RFC8693 specification...

It still seems the actor is serialized as a JWT instead (of a JSON object as required by the specification) in the latest commits. Is it planned to adopt the...

> So, can you please provide us with more details on what your expectations are? Sure: I'd expect `ClaimsIdentity.Actor` to be automatically serialized as a JSON object and used to...

> Would it be reasonable if it performs minimal validation—extracting claims and embedding them in ClaimsIdentity.Actor recursively for the main and nested actors? Sure, that's perfectly reasonable 👍🏻

> @kevinchalet experiment at [20e8126](https://github.com/opnsense/core/commit/20e8126d94acc944023d15038f81bf07b4c4d4cc) It seems to be working fine on a VLAN interface using a spoofed MAC address (the parent, physical interface is not configured or attached) 👏🏻...

Seems to be working fine, @fichtner! 👍🏻

Hey, Looks like https://github.com/opnsense/core/commit/afe9c107665b3fb6a5f9167bf60e7399b0f06957 reverted this change in 24.7 (don't ask me how I discovered it 🤣). Do you plan on revisiting it in the next version? Cheers.

> Master has a different fix to retain the new behaviour for eventual 24.7.x release. Ah, nice, thanks! I can indeed see you added a `$mac_next !== '00:00:00:00:00:00'` in `master`....