top | item 43751895

(no title)

korginator | 10 months ago

OAuth2.0 is for authorization, it is not an identity layer or authentication protocol. The article further conflates the purpose of OAuth with authentication types, phishing and other (valid) concerns, which are not entirely in the scope of OAuth.

There are widely used schemes (OAuth+OIDC+... etc.) that the industry is already using. The last two paragraphs are fluff. Not sure who this article is is meant for, but it's sloppy.

discuss

No comments yet.