|
|
|
|
|
|
by nick-garfield
2208 days ago
|
|
|
Am I understanding the article right: the endpoint would accept any email address and generate a valid JWT without verifying the caller owned the email address? If so, what extra validation did Apple add to patch the bug? |
|
|