• huginn@feddit.it
    link
    fedilink
    arrow-up
    1
    ·
    2 months ago

    If someone has the email account password your security is already fucked. If they don’t then there’s no way to pop your oauth unless the client is shit. If the client is shit you shouldn’t give it your credentials.

    SSO is not a security vuln.