Also why is it sometimes called a federated ID? Does it have to be an email address or could any value work?

  • inspxtr@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    1 year ago

    Great explanation. Two question, what’s the likelihood of an SSO page being spoofed? This seems like an all-eggs-in-one-basket sitch, so what are the potential threats to this?