From @maxwellgerber:
I wanted to echo Vatsal's question from here about how this proposal alleviates the concern. The proposal says that some of the SARC data needs to come from the access token in 4.3, but doesn't dig in to how the "identity of the user" is represented.
From @maxwellgerber:
I wanted to echo Vatsal's question from here about how this proposal alleviates the concern. The proposal says that some of the SARC data needs to come from the access token in 4.3, but doesn't dig in to how the "identity of the user" is represented.