Matt MacAdam

Ahhh...I got it figured it out now. I was going down that path but was redirecting to the same domain I was requiring "authorize with mypolicy" on so I just...

Just to confirm I'm thinking about this the right way: Even if I'm using the trick above to redirect straight to a specific IdP, I will always need something that...

This is what the login flow ends up looking like for me now. I just want to make sure there isn't a way to have one domain handle the OAuth...

Does [this remote file](https://github.com/mattjm/Fujitsu_Broadlink/blob/main/smartir_remote_file_C.json) work for you? Fujitsus have this peculiarity where the control string for every function is sent for any button press on the remote. But for some...

I mentioned #12 in another thread but I wonder if that discussion applies here as well, since one proposal there is overloading the /token endpoint. I'm not quite following how...

So a similar pattern to rotating refresh tokens. Folks were discussing other options for reducing round trips in #12--you could add something like this to the simplified flow proposed there....

Are architects from Okta/Auth0 involved in discussions around this in other mediums? I feel like auth0.com and okta.com are some of the most likely domains where someone would hit this...

So just to be clear you have lines of communication already you will use to raise this?

Do we need a separate registration endpoint in this case? Could the regular callback endpoint just do the registration if the Sec-Session-Regstration-Info header is present?

I've been staring at the diagram trying to come up with some comments, and I realized there's a discrepancy that might be relevant to the discussion here. On the diagram...