undefined | Better HN

0 pointsjpc01y ago0 comments

You are assuming a lot about who your oAuth provider is...

Sure many places only implement Google/Meta/Githun/Discord etc but that's not a requirement, specially for your own app. You can implement and run your own oAuth server if you so wished, much good it would be.

But regardless, that's why FIDO2 and webAuthN was developed, but even that has it's issues.

0 comments

1 comments · 1 top-level

godelski1y ago

  > You are assuming a lot about who your oAuth provider is

  > Sure many places only implement

This doesn't change my concern, but yes, it deepens it. Sure, I known there can be an arbitrary authority, but does it matter when 90% don't allow another authority? I can't think of more than once I have seen another authority listen.

j / k navigate · click thread line to collapse