I’m using Auth0 with a GitHub connection. After entering my GitHub credentials I’m presented with this request to authorize “iam-login”
And the Auth0 link links to this suspicious looking user on GitHub
iam-login (Auth0) · GitHub which doesn’t even have a verified domain.
This just started to happen 4 weeks ago or so. Is this user actually owned by Auth0? Or is something else going wrong allowing someone to attempt to hijack this workflow?
Hi @cwelchmi_jcplc,
Welcome to the Auth0 Community!
We have seen this reported in the past on this GitHub account, and there is nothing to worry about.
That is really from Auth0. It happens when you try logging in with your GitHub social account with default Auth0 keys. We strongly recommend that you use your own developer keys for production. See our Test Social Connections with Auth0 Developer Keys documentation.
Thanks,
Rueben
Thanks, I registered an app with GitHub and tried to modify the keys of the GitHub social connection but was told I cannot edit that resource. Perhaps because its a free dev account?