top | item 42392582

(no title)

A year ago we implemented OAuth for 100 popular APIs.

Our experience was exactly like OP describes: https://www.nango.dev/blog/why-is-oauth-still-hard

discuss

I worked on a system that implemented OAuth against maybe a half-dozen APIs. None of them were the same. It's a series of rough guidelines, a pattern, not a spec.

shesprtytechncl|1 year ago

The extra annoying part is that learning each auth is basically a single-use exercise. Sure, you get better from 0-5 but from 5-100 it's mostly just grumbling and then trying to forget whatever esoteric "standard" was implemented.

Source- done over 300 system connections. Save the straight API keys, they're all special and unique snowflakes.

arwhatever|1 year ago

Almost the exact same sentiment as yours, but from an earlier conversation, and it really stuck with me.

“… one of the principle issues is that it's less a protocol and more a skeleton of a protocol.”

https://news.ycombinator.com/item?id=35720336

Shakahs|1 year ago

See also: EDI / EDIFACT / ANSI X12. It was supposed to standardize the way businesses exchange data, but every company implements it differently so integrations take forever, and there's an entire of middlemen offering solutions to make it faster.

7bit|1 year ago

The RFC reads very much like a spec and not like a rough guideline. What are you talking about when you say guideline?