WeChat ID
aaronpk_tv
True, but it would be tricky.
Wouldn’t the attacker have find a way to extract the code_verifier
from local storage and pass it along with the hijacked redirect?
They would have to somehow have the ability to write custom js code on the path they are redirecting to. I guess this is possible on sites that don’t sanitize user inputs.
Ever wanted to use your own choice of OIDC IdP with @tailscale? I'm looking for private alpha testers - new and existing users welcome. DM me!
A bit confused as to how it interacts with #fediverse - rival paradigms? Interoperable? Just totally different things? #indieweb
@aaronpk Video has a credit for a Tom Baker of Lake Oswego