OpenID Connect security vulnerability?

Hey all,
While checking my various sites’ status reports at admin/reports/status, I am frequently seeing:

OpenID Connect - Automatically connect existing users enabled
The "Automatically connect existing users" option is enabled. This can lead to security vulnerabilities. It is **highly recommended** to [disable this option](https://dphep.web.cern.ch/admin/config/services/openid-connect#edit-connect-existing-users).

What is this? Should I disable it?

Thanks,
Cath

Hi Cath, this has been on our radar for a bit and I’d like to test it together with you. Talk to you on MM.