OAuth: the good, the bad, and the ugly

Our experience integrating six different OAuth providers has been documented by Extrema Sistemas in their blog.

The conclusions:

• We still kind of love OAuth, despite its problems and inconsistent implementations.
• Our system is secure with very little work, specially compared with the alternatives.
• OAuth introduces new security holes, and certainly doesn’t replace a password manager like LastPass.
• It doesn’t come for free. To implement OAuth in your website, you will have to read.

This was something that we wanted to share for a long time. Back to coding, these features are not going to develop themselves!