rootsecdev
rootsecdev@rootsecdev·
It looks like Microsoft is shutting down some of the shenanigans I have been using with TokenSmith URLs to bypass device code flow scenarios... and bypassing some CA policies. For example, I have been using the ZTNA Network Access Client client ID for some known bypass fun with Entra Scopes >> entrascopes.com/?appId=038ddad… RIP #Azure #Pentesting #Cloud
Gladstomych
Gladstomych@gladstomych·
@rootsecdev Hey there, author of TokenSmith here - yeah, we never intended people to use that directly for phishing - landing someone at /nativeclient is a pretty odd UX