OmniAuth Apple
Upstream URL | Security Risk | Abandonment Risk |
---|---|---|
https://github.com/nhosoya/omniauth-apple | High | Very High |
External contacts
There is a public GitHub issue tracker.
Security posture
This gem is responsible for the Sign In with Apple authentication strategy and is therefore of high importance for the security of MoR. A sign-in bypass could expose customer order history to a third-party attacker.
Abandonment risk
It is the opinion of the authors of this document that this gem has already been abandoned. It has had no activity in two years, and multiple pull requests fixing issues and potential security risks have gone unmerged.
We believe it is in the best interest of WTI, especially if we are going to use this gem in future projects (such as Curator or Palmerston), to consider forking this gem and releasing our own version.
Versioning policy
Any updates will be pulled in via bundle during our monthly updates.