by portaouflop 547 days ago
Easily preventable. Ask the user to supply a credential before linking the accounts, or only allow account linking if the email is verified at the IdP (as someone else noted, this is not possible for all IdPs, but for Google it is).
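The linking rule described in the comment above, as an added example that is not part of the original comment or of any project's code. It assumes the ID token's signature, issuer and audience were already validated; the issuer allowlist, the `ACCOUNTS` store and the function names are hypothetical.

```python
from typing import Optional, Tuple

# Assumption: issuers whose email_verified claim is trusted to prove mailbox ownership.
TRUSTED_ISSUERS = {"https://accounts.google.com"}

# Constructed sample store: normalized email -> local user id.
ACCOUNTS = {"alice@example.com": "user-1"}


def normalize(email: str) -> str:
    """Compare addresses case-insensitively and without stray whitespace."""
    return email.strip().casefold()


def email_verified_by_idp(claims: dict) -> bool:
    """Fail closed: only a JSON boolean true from a trusted issuer counts.

    A missing claim, the string "true", or an unlisted issuer is treated
    as unverified.
    """
    return (claims.get("iss") in TRUSTED_ISSUERS
            and claims.get("email_verified") is True)


def decide_link(claims: dict, credential_ok: bool = False) -> Tuple[str, Optional[str]]:
    """Return (action, user_id) for a federated login.

    credential_ok means the user has just proven control of the existing
    local account (for example by entering its password) in this flow.
    """
    email = claims.get("email")
    if not isinstance(email, str) or not email:
        return ("reject", None)
    user_id = ACCOUNTS.get(normalize(email))
    if user_id is None:
        # No local account shares this email, so there is nothing to link.
        return ("create_account", None)
    if email_verified_by_idp(claims) or credential_ok:
        return ("link", user_id)
    # Email matches an existing account but ownership is unproven:
    # never link silently, ask for the existing account's credential.
    return ("require_credential", user_id)
```
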