Hacker News

Whatever the intentions may have been, it is definitely not the case that OAuth pushes complexity to authorization servers. My audit checklist for OAuth clients is fairly long.


As someone in the early stages of implementing OAuth2 for the first time, I would be interested in seeing that list, if you don't mind sharing.


Agreed, I'd love to read that blog post.


Or a book/booklet, I'd buy that, as I'm sure many would.

Indeed, there are some people, when it comes to best practices, that I respect more than industry standards, as they are usually best practices that will be standard tomorrow.



