Brute force protection for OIDC
We should have the same answer in token or userinfo response, we should have the same answer if the client_id is unknown or client_secret is bad.
We may have this issue in other REST calls in 2.0?
We should have the same answer in token or userinfo response, we should have the same answer if the client_id is unknown or client_secret is bad.
We may have this issue in other REST calls in 2.0?