undefined | Better HN

0 pointsbrabel8y ago0 comments

The OAuth use case you mention is spot on but with OAuth clients available in every language remotely popular I don't agree it's complicated. And I think that even if you don't have a strong user case for OAuth you will sooner or later. Better to go with the standard practice for user centric APIs instead of using ad hoc solutions.

0 comments

mattmanser8y ago

It is vastly more complicated, you have to do all sorts of redirecting and capturing with OAuth that you simply don't have to do with basic authentication.

And woe betide you if you're not using a framework that vaguely plugs + plays oauth.

Couple that with all the shennanigans involved when trying to get two servers to talk to each other without a human involved in oauth.

j / k navigate · click thread line to collapse

0 pointsbrabel8y ago0 comments

0 comments

mattmanser8y ago

It is vastly more complicated, you have to do all sorts of redirecting and capturing with OAuth that you simply don't have to do with basic authentication.

And woe betide you if you're not using a framework that vaguely plugs + plays oauth.

Couple that with all the shennanigans involved when trying to get two servers to talk to each other without a human involved in oauth.

j / k navigate · click thread line to collapse