Something about Apple's decision to do "OAuth-but-not-quite" rubbed me the wrong way, but this is a great example of how it breaks down very concretely.
https://twitter.com/atomicbird/status/1163478833326108673
WeChat ID
aaronpk_tv
-
-
IIRC, incompatibilities between implementations sank OpenID. Hence the problem is in the programmers, again.
-
(and thank you for your writeup on what the heck is Apple ID, it's been a great resource to help bring others up to speed)
-
Yeah totally. That was why I was bashing my head against the wall for a while when I first tried this API out. I couldn't figure out what I was doing wrong. The worst part is it's based on the first time the user approves the app regardless of whether the app finishes the flow. John P Dandison ☁☁☁
-
100%. Also notice how not following the spec opened up a new vulnerability. But when has Apple been known to respect standards? Hirsch Singhal
-
There’s not a clear way to ‘reset’ either which makes test/dev extremely frustrating Aaron Parecki Aaron Parecki Aaron Parecki
-
This is disappointing, and likely a hole in any OIDC compliance. I'd expect requesting an email scope drops the email claim into the token. Aaron Parecki Aaron Parecki Aaron Parecki
-
Posted in
/notes
using
quill.p3k.io
