
I'm not really sure I understand the complaint then?

So the problem the OP is worried about is a SaaS provider using OIDC to federate to corp SSO and leaking data such as that within the id_token?

Otherwise, what's the leak here?



iiuc, the complaint is still valid -- it's just that OIDC is what causes the attributes to be in the flow, not OAuth that causes the attributes to be in the flow.



