by dathinab
2070 days ago
You always could use OAuth in apps just fine. OAuth 2 was a design nightmare. But by now it has kinda consolidated into a usable set of best practices for how to do it. But gathering them from the core RFC and all the extensions is a pain. So what would be nice would be an updated RFC including all best practices and deprecating all things which turned out bad (or had security vulnerabilities). OAuth 2.1 somewhat goes in that direction. But IMHO OAuth 3 looks like starting the whole OAuth 2 madness from scratch, not learning from all the problems OAuth 2 had when it was new...