Micro.blog

aaronpk
aaronpk
Do I know anyone involved with @LoginDotGov? I found a few (minor) issues with the OAuth/OpenID docs there https://developers.login.gov/oidc/
DoctorMac
DoctorMac

@aaronpk I can find the correct people or pass it along if you want

DoctorMac
DoctorMac

@aaronpk you would use this mechanism: 18f.gsa.gov/vulnerabi...

"We accept and discuss vulnerability reports on HackerOne, via email at tts-vulnerability-reports@gsa.gov, or through the form"

HackerOne is the preferred reporting.

aaronpk
aaronpk

@DoctorMac Thanks, it's not a security issue, just some misleading wording in the docs. I sent them a PR to fix it!

DoctorMac
DoctorMac

@aaronpk ahh i thought it could lead to miscofiguration...also a firm believer bad documentation leads to bad security...