I wonder why macaroons [1] are not even mentioned in this discussion yet. They h... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		nine_k on Dec 27, 2018 \| parent \| context \| favorite \| on: Ask HN: What do you use for authentication and aut... I wonder why macaroons [1] are not even mentioned in this discussion yet. They have all the upsides of cookies, but also can be narrowed down to be handed to third parties (good for APIs), caveats, and have a standardized and implemented [2] verification scheme. I wonder why they don't see wider use. Do they have significant downsides? [1]: http://hackingdistributed.com/2014/05/16/macaroons-are-bette... [2]: https://github.com/rescrv/libmacaroons

Boulth on Dec 27, 2018 [–]

Macaroons have their own issues, see my previous comment here: https://news.ycombinator.com/item?id=17879403

If you've got questions about them I'm happy to answer.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact