by arekkas 3676 days ago
The libraries (SDK) I used for my first project had security flaws. OAuth2 is super simple to implement, but hard to get right. It's not just two endpoints, it's multiple specs with ~200 written pages. Some people, for example, don't even know that [rfc6819](https://tools.ietf.org/html/rfc6819) exists. Most SDKs are also very limited or hard to extend (e.g. adding OpenID Connect).

I believe that adding a Docker container to your deployment and creating a consent token (JWT) is even less work than integrating with an SDK and implementing the missing parts every time you hit that new edge case. On top of that, you can be sure that it is backed by an open source community.
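Two of the "hard to get right" parts the comment alludes to are catalogued in RFC 6819: lax redirect_uri matching (sections 4.4.1.7 and 5.2.3.5) and a missing or unchecked state parameter (sections 4.4.1.8 and 5.3.5). The following is an added example, not code from the commenter or from any SDK or server the thread discusses; the client id and redirect URIs are constructed, and the session is modelled as a plain dict. It puts the prefix-match pitfall beside the exact-match check, and shows one-time, constant-time state verification.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed sample client registration (hypothetical client id and URI).
REGISTERED_REDIRECT_URIS = {
    "client-1": {"https://app.example.com/callback"},
}


def redirect_uri_allowed_weak(client_id: str, redirect_uri: str) -> bool:
    """Pitfall: prefix matching. Anything appended after the registered
    value passes, including a traversal segment or an extra query parameter
    that a redirector on the client site would follow, so the code leaks."""
    allowed = REGISTERED_REDIRECT_URIS.get(client_id, set())
    return any(redirect_uri.startswith(r) for r in allowed)


def redirect_uri_allowed_strict(client_id: str, redirect_uri: str) -> bool:
    """Exact string match against the registered value, after rejecting a
    fragment (RFC 6749 section 3.1.2 forbids fragments in redirect URIs)."""
    if not redirect_uri or urlsplit(redirect_uri).fragment:
        return False
    return redirect_uri in REGISTERED_REDIRECT_URIS.get(client_id, set())


def new_state(session: dict) -> str:
    """Mint a fresh unguessable state and bind it to the user's session
    before redirecting to the authorization endpoint."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    return state


def check_state(session: dict, received: str) -> bool:
    """Verify the callback's state against the session, then discard it so a
    value cannot be replayed. A missing or mismatched state means the
    callback did not originate from this browser session: treat it as CSRF."""
    expected = session.pop("oauth_state", None)
    if expected is None or received is None:
        return False
    return hmac.compare_digest(expected, received)


if __name__ == "__main__":
    # Constructed attacker-controlled redirect_uri that survives prefix matching.
    evil = "https://app.example.com/callback/../admin?to=https://attacker.example"
    print("weak  :", redirect_uri_allowed_weak("client-1", evil))    # True
    print("strict:", redirect_uri_allowed_strict("client-1", evil))  # False

    session = {}
    state = new_state(session)
    print("first use :", check_state(session, state))  # True
    print("replayed  :", check_state(session, state))  # False
```

The weak variant is what many hand-rolled servers ship because it "works" with the one registered URI; the strict variant is what RFC 6819 actually recommends, and it is the kind of detail that an SDK author who has not read that RFC will miss.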