oauth2-server

Asking about this since the NSA recently published guidance advising the public and private sectors to transition to cryptographic algorithms that are no less than sha384 & ec384 (elliptic curves).

While Edwards' Curves are different, its worth noting that prior to this update sha256 & secp256k1 were both on the list of acceptable cryptographic algorithms. My deduction was that 128-bit securit

If not for some particular exceptions, the status code returned from our WebAPI on error is always 500, regardless of the kind of error.

If an object already exists, for example, it should be returned as 409. If the object does not pass the schema validation, it should be a 415.

Go through the whole WebAPI and verify that the status codes are being returned correctly.

Hint: Error cl