Author Topic: Article: OAuth 2.0 and the Road to Hell  (Read 2736 times)

Edvard

Article: OAuth 2.0 and the Road to Hell
« on: October 02, 2013, 12:33:47 AM »
I was looking up what others had done in the way of making a Box.com client for Linux (there is none, just mount your folder with WebDAV). Apparently, a client proper accesses your account using the OAuth 2.0 protocol. I briefly looked at what it might take to whip up something of my own devising, perhaps with a bash script or my budding Pascal skills, when I came across an OAuth library for Delphi/Lazarus (which I can't find now) and decided to look up OAuth and see how difficult it might be to implement.
I stumbled across this article written by one of the principal authors of OAuth, Eran Hammer, who abruptly quit OAuth last year after 3 years of dealing with the process of working up OAuth 2.0 to a proper IETF standard. Scary. I don't think I have enough Jedi skills to get very far with this...

Quote
This is a case of death by a thousand cuts, and as the work was winding down, I’ve found myself reflecting more and more on what we actually accomplished. At the end, I reached the conclusion that OAuth 2.0 is a bad protocol. WS-* bad. It is bad enough that I no longer want to be associated with it. It is the biggest professional disappointment of my career.


http://hueniverse.co...nd-the-road-to-hell/

He is actually kinder to the IETF board members in the comments, and clearly he was frustrated with the process as much as the enterprise goons.
Opinions?



« Last Edit: October 02, 2013, 12:38:11 AM by mouser, Reason: added image »