I am going through this guide on how to configure Google as an OIDC provider.
In the first part, where no Google-specific configuration is needed, there is no mention of the setup of an OAuth application.
However, when going through the Google-specific configuration (which I want to set up, given that I want the information about group membership), there seems to be a need for the OAuth app to be of external user type.
Why is that? Isn’t it a security issue to have all Gmail users potentially being able to access Vault?