Deprecate oob PR #774 #1104
Description
Is your feature request related to a problem? Please describe.
#774 should probably never have been merged as it implements a deprecated non-standard feature that is a security exposure.
Describe the solution you'd like
revert the PR.
Describe alternatives you've considered
Please convince me in the comments that retaining this is a good, safe practice.
Additional context
See https://mailarchive.ietf.org/arch/msg/oauth/OCeJLZCEtNb170Xy-C3uTVDIYjM/ including the reference to google deprecating this feature.
See Google announcement here: https://developers.googleblog.com/2022/02/making-oauth-flows-safer.html?m=1#disallowed-oob