Is it too late to do hot takes for something that’s been around for nearly a decade?
OAuth2 pros:
- I can allow other sites to use my data with some confidence that, at least, my authentication information won't leak
- It has made really cool stuff possible at my current workplace and workplace-2
- Libraries to make it happen in server-side apps are pretty good
Cons:
- There are a bajillionty implementations and standard definitions of OAuth2 (for somewhat justifiable reasons)
- If you want to tinker with an OAuth2 API, you're in a bit of hurt because you can't just grab a token and start playing (mostly, depending on the implementer)
- Those open source libraries are the kind of thing that drives maintainers away pretty quickly 😬
Overall: would not uninvent this technology.