|
|
|
|
|
|
by jbverschoor
1370 days ago
|
|
|
There are two problems here 1) let a third party handle authentication (Code) 2) let a third party handle authentication (SSO) Number 1: don't do that
Number 2: Only do that if you are in control of SSO, or if you are very certain you won't have problems contacting the provider. (so not google in this case) |
|
|
In reality: you do this if TCO of doing it internally < TCO of doing it externally + risk. There's quite a few people who estimate the risk is worth it.