How OpenID over OAuth 2.0 can be trusted?
I am trying to implement "Login with Google/Apple etc…" on a web platform and I can’t wrap my head around how you can trust the response that supposedly comes from the resource server owned by these platforms.
For comparison, w… Continue reading How OpenID over OAuth 2.0 can be trusted?