by ratg13 1574 days ago
Your thoughts seem misguided.

OAuth2 was never intended for authentication, it was intended for authorization (i.e. - "authority X gives you Y permission for Z feature").

Facebook and Google were just the first to bastardize the protocol and leverage it for authentication. (i.e. - since we can give you permission, you are probably who you say you are)

OAuth was never intended to work like this, which is why it saw limited adoption.

Finally, OIDC was added to the protocol to catch up with how people are using it, which is why you now see everyone migrating to OIDC, which makes federation for everyone much simpler.