question Tag

I've had a few people ask me about the vulnerability reported on Phys.Org in OpenID and OAuth. This is not inherently a vulnerability in OpenID, but rather a potential way to get information from a website that both implements an open redirect (a big no-no) and OAuth or OpenID. What does this mean? Are are you safe and secure using OAuth and OpenID?  The truth is OAuth...

Read More