Untitled

During the retest, a review of the OAuth configuration revealed that the settings are in their default state, with all OpenID attributes using default algorithms, including the HS256 algorithm. This algorithm is considered weak due to its symmetric nature, as it uses a single shared key for both signing and verifying tokens. The observed algorithms across various realms include: