by brentonator 2381 days ago
I'd recommend using an OpenID Connect provider to authenticate if you're concerned about their practices, but it's just as easy to improperly implement auth even with mainstream libraries to help you connect something like Auth0 to your app.

E.g., don't assume the email address is owned by the person making the claim. You can sign up for an account with an email, and if it's not verified, or the verification is mis-clicked or phished into being clicked, the original account owner would never know the difference.

Still, at least with OpenID Connect you know your password isn't sitting in plain text.
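The point above about unverified email claims, shown as an added example that is not part of the original comment: a relying party that keys accounts on the (`iss`, `sub`) pair and only lets an email match attach a login to an existing account when the standard OIDC `email_verified` claim is boolean `true`. `Account`, `AccountStore` and `LinkRefused` are hypothetical names; the code assumes the ID token's signature, `iss`, `aud` and `exp` were already validated and that the configured providers set `email_verified` honestly.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Account:
    account_id: int
    email: Optional[str] = None
    email_verified: bool = False
    identities: set = field(default_factory=set)  # {(iss, sub), ...}


class LinkRefused(Exception):
    """A login tried to attach to an existing account via an unproven email."""


class AccountStore:  # hypothetical in-memory store, for illustration only
    def __init__(self):
        self.accounts = []

    def by_identity(self, iss, sub):
        return next((a for a in self.accounts if (iss, sub) in a.identities), None)

    def by_email(self, email):
        # Only a verified address "owns" an email; unverified sign-ups never do.
        return next((a for a in self.accounts
                     if a.email_verified and a.email == email), None)

    def resolve(self, claims):
        """claims: ID token claims that were already cryptographically validated."""
        iss, sub = claims["iss"], claims["sub"]
        acct = self.by_identity(iss, sub)
        if acct:                      # stable identifier, never the email
            return acct
        email = (claims.get("email") or "").strip().lower() or None
        # The spec defines a boolean; anything else (e.g. "true") is unverified.
        verified = claims.get("email_verified") is True
        owner = self.by_email(email) if email else None
        if owner:
            if not verified:
                raise LinkRefused("email matches an account but is unverified")
            owner.identities.add((iss, sub))
            return owner
        acct = Account(len(self.accounts) + 1, email, verified, {(iss, sub)})
        self.accounts.append(acct)
        return acct
```

Because `by_email` ignores accounts whose address was never verified, someone who signs up first with another person's email does not end up sharing an account with the real owner when that owner later logs in with a verified claim.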

1 comments

Are there any sites that accept OpenID but that you still suspect of poor password/auth practices?