Do I know anyone involved with @LoginDotGov? I found a few (minor) issues with the OAuth/OpenID docs there https://developers.login.gov/oidc/

@aaronpk I can find the correct people or pass it along if you want

@aaronpk you would use this mechanism: 18f.gsa.gov/vulnerabi...

"We accept and discuss vulnerability reports on HackerOne, via email at tts-vulnerability-reports@gsa.gov, or through the form"

HackerOne is the preferred reporting.

@DoctorMac Thanks, it's not a security issue, just some misleading wording in the docs. I sent them a PR to fix it!