OAuth Advocacy

Commenters strongly advocate for using OAuth (especially OAuth2) as the standard solution for authentication and authorization problems discussed in the article, questioning why alternatives are proposed instead.

📉 Falling 0.4x Security

4,310

Comments

Years Active

Top Authors

#5404

Topic ID

Activity Over Time

2007

2008

2009

2010

123

2011

204

2012

236

2013

263

2014

179

2015

172

2016

191

2017

138

2018

171

2019

228

2020

342

2021

243

2022

400

2023

573

2024

366

2025

386

2026

Top Contributors

mooreds (70) homakov (37) dwaite (35) tptacek (30) magicalhippo (26)

Keywords

TOS e.g MailChimp OP OAUTH HTTPS HTTP hueniverse.com API OIDC oauth user authentication oath password authorized api app webview users

Sample Comments

sintaxi • Feb 23, 2021 • View on HN

I don't see why OAuth doesn't solve this problem for you.

johanbas • Sep 6, 2016 • View on HN

OAuth is on my requirements list as well. Especially OAuth2 - client_credentials

mhurron • Jan 9, 2013 • View on HN

OAuth would be very much appreciated.

svnpenn • Sep 20, 2021 • View on HN

The fact that OAuth isnt mentioned a single time in the article is glaring. You should at least have a paragraph like "why not just use OAuth?" where you answer that question. Otherwise it seems youre avoiding the question on purpose, as these two items are clearly in the same space.

joshwa • Jun 3, 2014 • View on HN

Any reason this is better than standard OAuth2 flows?

tlrobinson • Nov 24, 2008 • View on HN

Yeah they need to implement OAuth or something similar.

dpres • Dec 2, 2011 • View on HN

Correction, OAuth < 2.0 sucks. OAuth2.0 is actually easy to use and more secure.

riffraff • Jul 15, 2011 • View on HN

can you explain why this is easier than oauth?

candiddevmike • Sep 6, 2020 • View on HN

My bad, yes I meant only OAuth.

beastman82 • Jan 15, 2021 • View on HN

Not following. What's wrong with oauth?