Hello, this is an endpoint that leaks all the information of the users like names, email, role, and OpenID to an authenticated user
1) build the web app
2) either you host it locally or on a server
3) try to add users with their data
4) visite http://localhost:5230/api/status
5) you can see all the users and their data
anyone can build this web app on a server (i.e http://example.com) an authenticator user can visit http://example.com/api/status and fetch all the data of the users