Document how Solid-OIDC can be vulnerable to phishing attacks where attackers create malicious applications or fake login pages to capture user credentials. For example, users might be redirected to a fake IdP that mimics a legitimate one, tricking them into entering their credentials.
Some remediations might involve some way of verifying the legitimacy/integrity of the redirect URIs or requiring MFA.
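One concrete form the redirect URI verification mentioned above could take, as an added example that is not part of the original issue or of any Solid implementation: an OpenID Provider compares the `redirect_uri` of an authorization request, by exact string match, with the `redirect_uris` listed in the client's Solid-OIDC Client ID Document. The helper name `checkRedirectUri`, the reason strings and the sample document are assumptions made for illustration.

```javascript
// Added example. The Client ID Document below is constructed sample data.
const sampleClientIdDocument = {
  "@context": ["https://www.w3.org/ns/solid/oidc-context.jsonld"],
  client_id: "https://app.example/id",
  client_name: "Example App",
  redirect_uris: ["https://app.example/callback"],
};

const LOOPBACK_HOSTS = ["localhost", "127.0.0.1", "[::1]"];

// Hypothetical helper (not a Solid library API): decides whether the OP may
// redirect the user agent to request.redirect_uri for this client.
function checkRedirectUri(request, doc) {
  // The document must describe the client that is actually asking.
  if (!doc || doc.client_id !== request.client_id) {
    return { ok: false, reason: "client_id_mismatch" };
  }
  let url;
  try {
    url = new URL(request.redirect_uri);
  } catch (err) {
    return { ok: false, reason: "invalid_uri" };
  }
  // Fragments are not allowed in OAuth 2.0 redirect URIs.
  if (url.hash !== "") {
    return { ok: false, reason: "fragment_not_allowed" };
  }
  // Require https, except plain http on a loopback host (native/dev clients).
  const loopback = LOOPBACK_HOSTS.includes(url.hostname);
  if (url.protocol !== "https:" && !(url.protocol === "http:" && loopback)) {
    return { ok: false, reason: "insecure_scheme" };
  }
  // Exact string comparison: no prefix, wildcard or normalised matching.
  const registered = Array.isArray(doc.redirect_uris) ? doc.redirect_uris : [];
  if (!registered.includes(request.redirect_uri)) {
    return { ok: false, reason: "redirect_uri_not_registered" };
  }
  return { ok: true, reason: "registered" };
}
```

A request that fails this check should end with an error page shown by the OP itself rather than a redirect, since the redirect target is the value that could not be trusted.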