Y
Hacker News
new
|
ask
|
show
|
jobs
by
radlad
523 days ago
Right, this additional check should not be necessary in a typical OAuth or OIDC flow. This workaround is only necessary in this case because the API Google offers to services has a hole in it.