Ask HN: Why is OAuth still hard in 2023?
Why do you think OAuth remains challenging even in the current technological landscape?
Just yesterday, I came across a post discussing CVE-2023-28131, a vulnerability that has impacted hundreds of websites.
How can we address the recurring vulnerabilities and make OAuth more user-friendly and secure?
3 comments
[ 3.0 ms ] story [ 33.9 ms ] threadBut yes, great question
I think OpenId solves some of the issues, at least for authentication, not authorization.
https://salt.security/blog/a-new-oauth-vulnerability-that-ma....
Thank you for bringing up the distinction, and I agree that OpenID can help address some of the issues, but not all of them...