undefined | Better HN

0 pointspjzedalis13y ago0 comments

"Because OAuth is a protocol designed to enable systems developed independently and as such it's useless unless there's an high degree of standardization. It's like saying "why can't we all use our custom version of IP/TCP/HTTP/TLS". It simply wouldn't work."

Yeah I totally disagree. It could be like any other system, just have a .NET dll, a Ruby gem, whatever to facilitate the basics of that protocol. There's nothing amazing about oAuth. It's hardly a protocol in it's own right. It's just an agreement on transferring some data (some signed, some not signed) on top of another protocol. There's no magic sauce. You don't need standardization because anybody could build a Ruby gem to support any variation of it. Whether people choose to do that is a different question.

0 comments

lmm13y ago

You're missing the part where its whole point is to be interoperable. You're exactly right that it's simple, that anyone could write any variation on it in a few lines of ruby - which is exactly why it needs standardization. Because otherwise every website will have its own authentication system, and if you want to let people log in with five different kinds of accounts then guess you're writing five different sets of code.

j / k navigate · click thread line to collapse

0 pointspjzedalis13y ago0 comments

0 comments

lmm13y ago

j / k navigate · click thread line to collapse