Hacker News
by machete143 3214 days ago
That is a really bad specification with no examples, no formalization, and zero references.

However, all server-side attack scenarios listed there are not possible with Hydra. Some of them also boil down to misusing OAuth2 for authentication, which is why we have OpenID Connect.

1 comment

No, ignore the spec (it's just a list of traits I'd like to suggest); design issues are outlined after it.