
Comment by vintermann

14 hours ago

Your OAuth provider can also vouch for anyone who pretends to be you, if they so desire. They can give access to anyone, including themselves.

Microsoft SSO does exactly this. They let you pretend to be someone else's email, making their SSO service pointless since you still need to do email verification anyways (at which point, just send a login token to sign them in, instead of using SSO).
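One way a relying party can handle the problem raised in the comment above, as an added example that is not part of the original thread: key accounts on the issuer and subject of the sign-in, and treat an email address asserted by the provider as unproven until the site has confirmed it itself. The function, store and sample values are hypothetical; `iss`, `sub`, `email` and `email_verified` are the standard OpenID Connect claim names, and the token's signature, audience and expiry are assumed to have been validated already.

```python
from dataclasses import dataclass, field


@dataclass
class AccountStore:
    by_subject: dict = field(default_factory=dict)  # (iss, sub) -> account id
    by_email: dict = field(default_factory=dict)    # lowercased email -> account id


def resolve_login(claims: dict, store: AccountStore) -> tuple:
    """Return (decision, account_id) for already-validated ID token claims."""
    iss, sub = claims.get("iss"), claims.get("sub")
    if not iss or not sub:
        return ("reject", None)

    # Stable identity is the issuer-scoped subject, never the email string.
    known = store.by_subject.get((iss, sub))
    if known is not None:
        return ("login", known)

    email = (claims.get("email") or "").strip().lower()
    owner = store.by_email.get(email) if email else None
    if owner is not None:
        # The address belongs to an account this subject was never bound to.
        # The provider's assertion is not proof of mailbox control, so the
        # site runs its own email verification before linking the two.
        return ("verify_email_before_link", owner)

    # No existing account: create one, recording whether the provider
    # claimed the address was verified.
    if email and claims.get("email_verified") is True:
        return ("create", None)
    return ("create_email_unverified", None)


# Constructed sample data for illustration only.
SAMPLE_STORE = AccountStore(
    by_subject={("https://idp.example", "u-1"): "acct-1"},
    by_email={"alice@example.com": "acct-1"},
)

if __name__ == "__main__":
    spoofed = {"iss": "https://idp.example", "sub": "u-2",
               "email": "Alice@Example.com", "email_verified": True}
    print(resolve_login(spoofed, SAMPLE_STORE))
```
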