- updated from /square/go-jose to /go-jose/go-jose
- updates to v2.6.3
- addresses CVE-2016-9123 and CVE-2016-9121
- fixes tests that were adjusting for a 1s delay
* feat: get issuer from context for device auth
* use distinct UserFormURL and UserFormPath
- Properly deprecate UserFormURL and default to old behaviour,
to prevent breaking change.
- Refactor unit tests to test both cases.
* update example
