OAuth: the good, the bad, and the ugly
Our experience integrating six different OAuth providers has been documented by Ignacio Coloma in his blog.
- We still kind of love OAuth, despite its problems and inconsistent implementations.
- Our system is secure with very little work, specially compared with the alternatives.
- OAuth introduces new security holes, and certainly doesn’t replace a password manager like LastPass.
- It doesn’t come for free. To implement OAuth in your website, you will have to read.
This was something that we wanted to share for a long time. Back to coding, these features are not going to develop themselves!