k evintest

I have the same concerns as Marco, Brandon, and Tim.  This will require an architecture change to our applications as the old method was a simple redirect, now we'd have to do the hack that Tim mentioned.  Is it possible to have an exception on a customer-level to this change, so that those that require GET can still use it, acknowledging the security concerns presented?  Or perhaps making a legacy endpoint that can still be used GET against?

For reference, we are using the method as outlined in your examples on github for c_sharp_handler.cs, that have since been deleted: https://github.com/zendesk/zendesk_jwt_sso_examples/commit/3339d075bd4cf867fec143c92b4171f5895dbb90#diff-c287878c2272ec624c5287766edcb5c035c856bad1d361363ad87340e57cf388