When logging in with Google, any user can create an account using email, password and profilePicture via Postman, even if that email does not belong to him/her. There is no control mechanism. It can even reach other people's accounts by just trying random emails. Is there a way to prevent this?
For example, if I send the following request to this link, localhost:3000/api/auth/google:

```json
{
  "email": "[email protected]"
}
```

it will approve my entry even if it is not mine.
Is there a point I missed?
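
The gap described in this issue is that the endpoint trusts the `email` field of the request body. As an added example (not part of the original issue and not this project's code), the sketch below accepts only a signed Google ID token and takes the email from its verified claims. The `idToken` field name, `CLIENT_ID`, the `googleLogin` handler and the locally generated key pair standing in for Google's signing keys are assumptions.

```javascript
const crypto = require('node:crypto');

// Constructed stand-ins: in production the public key comes from Google's
// published keys and CLIENT_ID is your own OAuth client ID.
const CLIENT_ID = 'example-client-id.apps.googleusercontent.com';
const ISSUERS = ['https://accounts.google.com', 'accounts.google.com'];
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');

// Helper for the demo only: mint a token the way the identity provider would.
function mintToken(claims, key = privateKey) {
  const signingInput = `${b64({ alg: 'RS256', typ: 'JWT' })}.${b64(claims)}`;
  const sig = crypto.sign('RSA-SHA256', Buffer.from(signingInput), key);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Returns the verified email or throws. The only request input that is
// trusted is the token, and only after its signature and claims check out.
function emailFromIdToken(idToken, now = Math.floor(Date.now() / 1000)) {
  const parts = String(idToken).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url'));
  if (header.alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('RSA-SHA256', Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const c = JSON.parse(Buffer.from(p, 'base64url'));
  if (!ISSUERS.includes(c.iss)) throw new Error('wrong issuer');
  if (c.aud !== CLIENT_ID) throw new Error('wrong audience');
  if (typeof c.exp !== 'number' || c.exp <= now) throw new Error('expired');
  if (c.email_verified !== true || typeof c.email !== 'string') throw new Error('email not verified');
  return c.email;
}

// Hypothetical handler body for POST /api/auth/google: body.email is never read.
function googleLogin(body) {
  try {
    return { status: 200, email: emailFromIdToken(body.idToken) };
  } catch (err) {
    return { status: 401, error: err.message };
  }
}
```

Against the real service, the signature and claim checks are normally delegated to `OAuth2Client.verifyIdToken` from `google-auth-library`, with `audience` set to the application's client ID.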