[sjtgraham]

Hey Jonas! TAuth is simpler than OAuth 2.0 and doesn't suffer the same security issues. So… why use OAuth?

[jhuckestein]

The devil you know I suppose ;)

IIRC we didn't go too far down the client cert route because we're behind CloudFlare and we like it that way. Something to revisit in the future.

[lmm]

The three-legged flow from OAuth is widely needed. (I would agree with sticking to earlier versions that allow more specific tokens though)