This repository has been archived by the owner on Apr 13, 2022. It is now read-only.
Can an ID provider access all services? #5
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Maybe I'm a bit confused, but if the only authentication done by the user is to the id providing service, couldn't any ID provider sign in to any connected service without the users' consent? This seems like a reasonable edge case when we use trusted centralized ID providers such as Google and FB, but seems very dangerous for decentralized services.
The text was updated successfully, but these errors were encountered: