Swizec | 9 days ago

I remember building OAuth logins back when “login with your twitter” was a brand new revolutionary idea, before there were libraries to handle the details.

Still have scars from building directly based off the blogposts Twitter and Facebook engineers wrote about how to integrate with this. Think it wasn’t even a standard yet.

I credit that painful experience with now feeling like OAuth is really quite simple. V2 cleaned it up a lot.

paulddraper|9 days ago

OAuth 1a was simpler or at least straightforward.

It doesn’t seem that way on the surface. But once you're finished with out-of-band callback validation, localhost, refresh tokens, and PKCE, you realize what a monster OAuth 2 actually is.

sebazzz|6 days ago

Ouch, reminds me of hours debugging OAuth2 implementation in my Surface 1 app for Twitter because the nonce or some other checksum was not calculated correctly.