Nat Sakimura · Jun 7, 2019 · 11:18 PM UTC

Nat Sakimura @_nat_en

7 Jun 2019

So login by Apple seems to be #OpenID Connect with some twist. A huge win for #oidc

Torsten Lodderstedt · Jun 8, 2019 · 7:01 PM UTC

Torsten Lodderstedt @tlodderstedt

8 Jun 2019

lack of code replay protection and proprietary client authentication method?

Aaron Parecki · Jun 9, 2019 · 3:29 AM UTC

Aaron Parecki · Jun 9, 2019 · 3:29 AM UTC

Aaron Parecki @aaronpk

9 Jun 2019

In my testing, I wasn't able to use an authorization code twice. Did you see something different?

Jun 9, 2019 · 3:29 AM UTC

Torsten Lodderstedt · Jun 9, 2019 · 7:03 AM UTC

Torsten Lodderstedt @tlodderstedt

9 Jun 2019

yes I meant code injection == code replay in the authz response

Scott Brady · Jun 9, 2019 · 6:00 AM UTC

Scott Brady @scottbrady91

9 Jun 2019

I assume Torsten meant code injection. When I integrated I couldn’t find any protection against this scottbrady91.com/OpenID-Conn…

Implementing Sign in with Apple in ASP.NET Core

A primer on Sign in with Apple, including an example integration in ASP.NET Core.