
An illustrated guide to OAuth

(www.ducktyped.org)
354 points egonschiele | 1 comments
gethly ◴[] No.45013667[source]
I am implementing OAuth right now, along with OIDC. I must say that for such a simple concept, getting to the facts that help me to actually implement it is insanely hard. I have no idea why, but everywhere I look it just seems like it only scratches the surface and you get no tangible information that you can use to actually implement it in code. I ended up mostly browsing the specs, and Grok was insanely helpful to explain the meaning of various things where information was lacking or buried deep in documentation/specifications. I would say this was the first time where I actually appreciated these new "AIs", which I don't use at all.
fmbb ◴[] No.45014925[source]
This is because OAuth is just SAML with JSON designed by committee so it has all the bells and all the whistles and everything is optional and depends on who you integrate with and how.
1. tptacek ◴[] No.45017473[source]
Point of order: first, OIDC is SAML, not OAuth (OAuth by itself solves a different problem) and second, OIDC is much better than SAML --- the committee did its job there.