Hacker News new | ask | show | jobs
by Animats 1139 days ago
The trouble is that you can, apparently, have only one trusted third party. You can't have a backup authentication service in case the trusted third party fails. That's what's needed.

I'd like to have a regulated entity such as a bank, or even the California DMV, as a backup authentication provider. They have legal obligations that Google does not.
1 comments
judge2020 1139 days ago
You'd need a law saying that the California DMV or whoever must run an oauth service, and then you'd see people integrate it. As it stands, this isn't a thing because the California DMV and even banks aren't interested in being the populus' IDP.
link
Animats 1138 days ago
Banks are into this. JP Morgan Chase uses OAuth2 for some services. It's more of an enterprise thing right now.[1]

[1] https://www.jpmorgan.com/technology/technology-blog/protecti...

link