Do I know anyone involved with @LoginDotGov? I found a few (minor) issues with the OAuth/OpenID docs there https://developers.login.gov/oidc/
@aaronpk you would use this mechanism: 18f.gsa.gov/vulnerabi...
"We accept and discuss vulnerability reports on HackerOne, via email at tts-vulnerability-reports@gsa.gov, or through the form"
HackerOne is the preferred reporting.
@DoctorMac Thanks, it's not a security issue, just some misleading wording in the docs. I sent them a PR to fix it!