Reading the user's profile information _is_ the delegated action. OAuth provider... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		mdavidn on July 23, 2024 \| parent \| context \| favorite \| on: A Gentle Introduction to SAML Reading the user's profile information _is_ the delegated action. OAuth providers were already doing this prior to OIDC but in incompatible ways. OIDC standardized how that information is requested and returned.

tptacek on July 23, 2024 [–]

No, the whole point of OIDC is that permission to read your profile is not semantically the same thing as authenticated sign-on.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact