Go read the writeup again. The original post wasn't the ... • Aaron Parecki

Vinod Anandan https://twitter.com/_VinodAnandan • May 31
"email_verified" : "True if the End-User's e-mail address has been verified; otherwise false....."

https://openid.net/specs/openid-connect-core-1_0.html

Go read the writeup again. The original post wasn't the clearest explanation of the problem but I also posted some more details in this thread that make it clearer.

Portland, Oregon • 54°F

Sun, May 31, 2020 7:28am -07:00

6 replies
Have you written a response to this? Let me know the URL:
- Aaron Parecki twitter.com/aaronpk
  
  Alright, it's up! aaronparecki.com/2020/05/31/30/…
  
  Sun, May 31, 2020 8:50pm +00:00 (via brid-gy.appspot.com)
- Vinod Anandan twitter.com/_VinodAnandan
  
  Thanks, that will be greatly appreciated. If you could also include the sample id_token in the post, it would help to clarify some doubts.
  
  Sun, May 31, 2020 4:40pm +00:00 (via brid-gy.appspot.com)
- Aaron Parecki twitter.com/aaronpk
  
  The original post didn’t make this clear, so I’m writing a new post to hopefully better explain the problem. You’ll see that it has nothing to do with OIDC at all. Link coming shortly, I hope.
  
  Sun, May 31, 2020 4:36pm +00:00 (via brid-gy.appspot.com)
- Vinod Anandan twitter.com/_VinodAnandan
  
  Yes, thank you. I agree that RP should be simple and IdP should be handling the complexity. AFAIU, the OIDC spec is clear about the email_verified attribute.
  
  Sun, May 31, 2020 4:35pm +00:00 (via brid-gy.appspot.com)
- Aaron Parecki twitter.com/aaronpk
  
  Please go read it again and understand the problem
  
  Sun, May 31, 2020 2:32pm +00:00 (via brid-gy.appspot.com)
- Vinod Anandan twitter.com/_VinodAnandan
  
  My point is that OIDC has mechanisms to prevent this issue..
  
  Sun, May 31, 2020 2:31pm +00:00 (via brid-gy.appspot.com)

Posted in /replies using indigenous.abode.pub/ios