avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • Friday June 14, 2024, 11:58 pm
  • Proudly celebrating 15+ years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: Article: OAuth 2.0 and the Road to Hell  (Read 5681 times)


  • Coding Snacks Author
  • Charter Honorary Member
  • Joined in 2005
  • ***
  • Posts: 3,017
    • View Profile
    • Donate to Member
Article: OAuth 2.0 and the Road to Hell
« on: October 02, 2013, 12:33 AM »
I was looking up what others had done in the way of making a client for Linux (there is none, just mount your folder with WebDAV).  Apparently, a client proper accesses your account using the OAuth 2.0 protocol.  I briefly looked at what it might take to whip up something of my own devising, perhaps with a bash script or my budding Pascal skills, when I came across a OAuth library for Delphi/Lazarus (which I can't find now) and decided to look up Oauth and see how difficult it might be to implement.  
I stumbled across this article written by one of the principle authors of OAuth, Eran Hammer, who abruptly quit OAuth last year after 3 years of dealing with the process of working up OAuth 2.0 to a proper IETF standard.  Scary.  I don't think I have enough Jedi skills to get very far with this...

This is a case of death by a thousand cuts, and as the work was winding down, I’ve found myself reflecting more and more on what we actually accomplished. At the end, I reached the conclusion that OAuth 2.0 is a bad protocol. WS-* bad. It is bad enough that I no longer want to be associated with it. It is the biggest professional disappointment of my career.


He is actually kinder to the IETF board members in the comments, and clearly he was frustrated with the process as much as the enterprise goons.

« Last Edit: October 02, 2013, 12:38 AM by mouser, Reason: added image »