OpenID Connect security vulnerability?

Hey all,
While checking my various sites’ status reports at admin/reports/status, I am frequently seeing:

OpenID Connect - Automatically connect existing users enabled
The "Automatically connect existing users" option is enabled. This can lead to security vulnerabilities. It is **highly recommended** to [disable this option](

What is this? Should I disable it?


Hi Cath, this has been on our radar for a bit and I’d like to test it together with you. Talk to you on MM.