by fkooman
3888 days ago
https://tools.ietf.org/html/rfc6749#section-1.8

```
OAuth 2.0 provides a rich authorization framework with well-defined
security properties. However, as a rich and highly extensible
framework with many optional components, on its own, this
specification is likely to produce a wide range of non-interoperable
implementations.

In addition, this specification leaves a few required components
partially or fully undefined (e.g., client registration,
authorization server capabilities, endpoint discovery). Without
these components, clients must be manually and specifically
configured against a specific authorization server and resource
server in order to interoperate.

This framework was designed with the clear expectation that future
work will define prescriptive profiles and extensions necessary to
achieve full web-scale interoperability.
```

So what are we waiting for? I don't think OpenID Connect is the answer here, maybe something more in the direction of IndieAuth (https://indieauth.com/).