|
|
|
|
|
|
by derangedHorse
2750 days ago
|
|
|
When a service typically uses an external identity provider, they usually still have local accounts that are created and linked to that form of authentication. Of course the user will always need to authenticate using that same external identity provider ,but it can be forced by the application server by initiating oauth without provocation in the backend. What this seems like is after the user initially logged in and consented with Google, Quora went ahead and decided that they would initiate the oauth flow whenever the user visits the page regardless of whether the user explicitly hits the login button or not. |
|
|