Hacker News
Ask HN: Why is OAuth still hard in 2023?
4 points by MorL 1118 days ago
Why do you think OAuth remains challenging even in the current technological landscape? Just yesterday, I came across a post discussing CVE-2023-28131, a vulnerability that has impacted hundreds of websites.

How can we address the recurring vulnerabilities and make OAuth more user-friendly and secure?

1 comments

CVE-2023-28131 was published in April.

But yes, great question

I think OpenID solves some of the issues, at least for authentication, not authorization.

Actually, the CVE-2023-283131 vulnerability was published with the full details just two days ago. In April, Expo published a short post, but without too much technical information. You can find more details about CVE-2023-283131 in the link I shared here:

https://salt.security/blog/a-new-oauth-vulnerability-that-ma....

Thank you for bringing up the distinction, and I agree that OpenID can help address some of the issues, but not all of them...

Could SAML solve them in your eyes?