per oauth spec you get told what is shared. usually it’s just your user id (which often is email or username), i haven’t seen crazy scopes in the wild in a while
Some services even have an option to only share a dummy email and not your real. Apple for example does this, so all the site gets is “36382618161@apple.com” (don’t know the exact format). And it is only tied to your real email address on apple’s side
so they mostly do…
per oauth spec you get told what is shared. usually it’s just your user id (which often is email or username), i haven’t seen crazy scopes in the wild in a while
Some services even have an option to only share a dummy email and not your real. Apple for example does this, so all the site gets is “36382618161@apple.com” (don’t know the exact format). And it is only tied to your real email address on apple’s side