php-apple-signin icon indicating copy to clipboard operation
php-apple-signin copied to clipboard

Published 20 hours ago verified publisher icon GriffinLedingham

Is verification useful?

Open neobie opened this issue 4 years ago • 1 comments

This program can verify if the identityToken is valid with clientUser. But it didn't verify if the clientUser is from the app I wish to verify (Service ID, Team ID) Meaning any apps can verify and return true in this program..

neobie avatar Jul 03 '20 06:07 neobie

I think that user string is unique so it can not exist in any other app's scope, if I am understanding you correctly.

To my knowledge, this package's verifyUser function is safe and secure verification if the user is valid.

m41w4r3exe avatar Aug 05 '20 13:08 m41w4r3exe