Hey
I have two services (A consumes B), and I used service-to-service authentication using client credentials.
It was easy to set it up. After I set it up and deployed it, I wanted to test an unauthorized case. So, I removed the app that represents service A from the allowed apps in the app that represents service B. And to my surprise - everything still works.
So my question is - why?
Thanks,
Omer