Issue #1 closed
- Use case: bank uses Mobile Connect to access secure 2nd factor, bank wants to show to the user a message related to the actual transaction on the device
- Sounds like a useful extension to openid connect (or even OAuth in general)
- Key question: how to sanitize such a message in order to prevent injection attacks?
Proposed by Gonzalo