Comment by kr0bat
1 year ago
It sounds like the issue is that these service providers are obeying Google's aliasing rules, but also ignoring the fact that you shouldn't be using email as a primary identifier [1]? It's funny, if they had adhered to the spec more they'd be fine; but if they adheredess and treated alias' as distinct emails, these platforms would at least be more secure.
[1] https://developers.google.com/identity/openid-connect/openid...
No comments yet
Contribute on Hacker News ↗