Are you sure your hand-rolled protocol will resist replay attacks, Login CSRF, etc.? There are good reasons why these protocols are complex.


I think what's being said is that OAuth/OpenID is harder than it should be to get going. I think it's more a way to say - Here's a cheap way to create a placeholder for OAuth so you don't lose 8-16 hours on a weekend tripped up over some small thing you forgot to do. I'd rather spend 16 hours building out your cool idea and find out if THAT works and then put in OAuth when my idea is taking shape.

