Security Director at ForgeRock.
Author: https://www.manning.com/books/api-security-in-action
Cryptography and application security. PhD in AI. Secret Prolog junkie.
Are you sure your hand-rolled protocol will resist replay attacks, Login CSRF, etc? There are good reasons why these protocols are complex.
I think what's being said is that OAuth/OpenID is harder than it should be to get going. I think it is more a way to say - Here's a cheap way to create a placeholder for OAuth so you don't lose 8-16 hours on a weekend tripped up over some small thing you forgot to do. I'd rather spend 16 hours building out your cool idea and find out if THAT works and then put in OAuth when my idea is taking shape.