Hacker News new | ask | show | jobs
by machete143 3214 days ago
Yes indeed, running OAuth2 without https is madness!
1 comments
unilynx 3214 days ago
It's not just madness, TLS is a MUST in several places in the oauth2 spec.

In fact, they managed to remove a lot of oauth1 madness (all the complex signing stuff) by simply requiring TLS and let that layer deal with it.

link