OAuth 2.0 failed? Good commentary and blog from Eran Hammer: http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/

140 views
Skip to first unread message

Henry Saputra

unread,
Jul 27, 2012, 2:26:51 AM7/27/12
to opensocial-an...@googlegroups.com
Very good piece of writing on how OAuth 2.0 specs have become complex
beast that are less secure and harder to implement correctly:

http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/

A must read for OpenSocial specs community I believe

- Henry

Franklin, Matthew B.

unread,
Jul 27, 2012, 3:32:35 PM7/27/12
to opensocial-an...@googlegroups.com
I have received this link from a bunch of different sources. Fundamentally, I feel like this is mostly Eran's frustration shining through. That doesn't mean that OAuth 2 doesn't have issues; it does. From my perspective, the issues are workable and with all the people currently investing in it there is a good chance of it succeeding.

Besides, what is the alternative?

--
You received this message because you are subscribed to the Google Groups "OpenSocial and Gadgets Specification Discussion" group.
To post to this group, send email to opensocial-an...@googlegroups.com.
To unsubscribe from this group, send email to opensocial-and-gadg...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.


Henry Saputra

unread,
Jul 27, 2012, 4:53:04 PM7/27/12
to opensocial-an...@googlegroups.com
Yeah I believe so, and I wasnt suggesting us to drop OAuth 2.0 support
but rather wanted to share what happen to OAuth community that could
be kind of learning experience for us in the OpenSocial community.

I believe the main OAuth2.0 specs just becoming like a huge blueprint
or skeleton that needs additional specs to make it actually work well
comparing to how clean (and secure) OAuth 1.0a specs.

Its just my 2 cents though =)

- Henry
Reply all
Reply to author
Forward
0 new messages