
OAuth is powerful and awesome because even when people hand over full control they can revoke that access at any time they want.

Previous to OAuth people would hand over their credentials to third party apps. That's what sucking looks like.



Before, all you needed to do to revoke access to all those crazy 3rd parties you gave your password to was: change your password. Now, you need to figure out where to go to revoke permissions, figure out what 3rd party app you no longer want, and figure out exactly what permission (in Facebook's case, but not Twitter's). It's confusing even for technical people because it's nonstandard and different on every OAuth provider's site.


1) Unless the app was evil and changed your password for you.

2) Or unless you wanted to let some apps keep access to your account, but not others.

3) And if you can easily deal with remembering new passwords (most users can't).



