On Fri, Jun 5, 2026 at 12:32 PM Daniel Gustafsson <[email protected]> wrote: > This version looks good to me, the authn_id sentence is a bit long so I might > do some careful rewording before pushing.
+1. I'll also think about how to better document the (intentional) recording of authn_id during failed authorization, but it doesn't need to block this. --Jacob
