With that, and the redirect URL (and therefore trusting DNS), and the other browser security model stuff…. You’re in fairly good shape.
There’s newer standards coming like DPoP - but it’s probably not worth it yet.
With that, and the redirect URL (and therefore trusting DNS), and the other browser security model stuff…. You’re in fairly good shape.
There’s newer standards coming like DPoP - but it’s probably not worth it yet.