Hacker News new | ask | show | jobs
by vwpolo3 2540 days ago
Yes, implementing both OAuth2 as well as OIDC according to spec is a significant development effort and countless teams and companies fail at pushing through, shipping incomplete or insecure implementations. If you’re greenfield, OAuth2/OIDC is with 99% certainty not the right fit for you anyways.
5 comments
manigandham 2540 days ago
Bringing in a library is different from building it from scratch. Pretty much every language has solid OIDC frameworks now.

OIDC is great for greenfield and much better than writing user signin flow every time.

link
vwpolo3 2540 days ago
Username + Password with a cookie store is much better understood and harder to get wrong than implementing a full OIDC suite (server + client). If you're talking federated login, that's what OIDC is for. If you're talking "login", your opinion is misguided.
link
manigandham 2539 days ago
We might not be talking about the same thing. The thread was comparing to other OAuth servers, and then libraries, but nobody is talking about implementing it from scratch.

That being said, if you're working on a greenfield app where you need auth, using an OAuth/OIDC server is much better and faster than creating yet another membership system for that app. That's a major advantage of identity federation.

link
wikibob 2540 days ago
What is the suggested solution for Greenfield development?
link
kronin 2540 days ago
Additionally, Greenfield dev where federated identity support is a requirement
link
dashwav 2539 days ago
Lets say there are no restrictions, what type of authentication flow would you recommend looking into? I was under the impression that OAuth2 was pretty much the goto standard nowadays.
link
manigandham 2539 days ago
OpenID Connect with the authorization code flow using PKCE is the newest and best standard, and now works the same for both client-side and server-side apps.
link
plange 2540 days ago
This is NIH syndrome. You're way better off following the standards, and likely implementing standard libraries to actually make use of them.
link
vwpolo3 2540 days ago
Sorry, but following a standard for federation is not a substitute for building a log in system, which is what most people want when building "a web app".
link
atonse 2540 days ago
Ok makes sense, thanks (it was a genuine question, sounds like those protocols are quite complex.)
link