Patrice Amiel

Talking with security guys, you proposal looks better as it avoids any attempt to forge a URL that will workaround the protection => having a parameter in Apache conf that...

Any idea on when this enhancement could be integrated into a release?

By "commercial offer _around_ mod_auth_openidc", do you mean providing commercial support? Can you confirm that, beyond this commercial offer, you still plan to provide a free opensource delivery of mod_auth_openidc...

Sorry, missing some context: Nexus OSS 3.15.2-01