I remember building OAuth logins back when “login with your Twitter” was a brand new revolutionary idea, before there were libraries to handle the details.
Still have scars from building directly based off the blog posts Twitter and Facebook engineers wrote about how to integrate with this. Think it wasn’t even a standard yet.
I credit that painful experience with now feeling like OAuth is really quite simple. V2 cleaned it up a lot.
OAuth 1a was simpler or at least straightforward.
It doesn’t seem that way on the surface. But once you’re finished with out-of-band callback validation, localhost, refresh tokens, and PKCE, you realize what a monster OAuth 2 actually is.