|
|
|
|
|
|
by kr0bat
912 days ago
|
|
|
It sounds like the issue is that these service providers are obeying Google's aliasing rules, but also ignoring the fact that you shouldn't be using email as a primary identifier [1]? It's funny, if they had adhered to the spec more they'd be fine; but if they adheredess and treated alias' as distinct emails, these platforms would at least be more secure. [1] https://developers.google.com/identity/openid-connect/openid... |
|
|