
Article: OAuth 2.0 and the Road to Hell


I was looking up what others had done in the way of making a client for Linux (there is none, just mount your folder with WebDAV). Apparently, a client proper accesses your account using the OAuth 2.0 protocol. I briefly looked at what it might take to whip up something of my own devising, perhaps with a bash script or my budding Pascal skills, when I came across an OAuth library for Delphi/Lazarus (which I can't find now) and decided to look up OAuth and see how difficult it might be to implement.
I stumbled across this article written by one of the principal authors of OAuth, Eran Hammer, who abruptly quit OAuth last year after 3 years of dealing with the process of working up OAuth 2.0 to a proper IETF standard. Scary. I don't think I have enough Jedi skills to get very far with this...

--- Quote ---
This is a case of death by a thousand cuts, and as the work was winding down, I’ve found myself reflecting more and more on what we actually accomplished. At the end, I reached the conclusion that OAuth 2.0 is a bad protocol. WS-* bad. It is bad enough that I no longer want to be associated with it. It is the biggest professional disappointment of my career.
--- End quote ---

He is actually kinder to the IETF board members in the comments, and clearly he was frustrated with the process as much as the enterprise goons.

