
My rant about OAuth: It is overly complex because it has too many features to satisfy each and every enterprise case.

Running a simple website (no third-party login), I learned that OAuth2 is just not a good choice for me. JWE/JWT and SameSite=Strict plus HttpOnly cookies are reasonably simple, yet secure enough.



A simple website with no third-party login and no need to access a third-party API on behalf of the user should never use OAuth to begin with. A standard session cookie works just fine in those situations (as you discovered).
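An added illustration of the "plain session cookie" approach both comments describe (this is example code, not from either commenter): it mints a session id from the CSPRNG, emits a `Set-Cookie` header with `HttpOnly`, `SameSite=Strict` and, a flag the thread does not mention but that belongs on any session cookie, `Secure`, and includes a small audit helper that reports which of those attributes a given `Set-Cookie` value is missing. The cookie name `sid` and the weak header in `WEAK_EXAMPLE` are constructed for the example.

```python
import secrets
from http.cookies import SimpleCookie

SESSION_COOKIE = "sid"  # cookie name chosen for this example

# Constructed example of a typical unhardened session cookie header:
# readable from script, sent over plain HTTP, attached to cross-site requests.
WEAK_EXAMPLE = "sid=abc; Path=/"


def new_session_id() -> str:
    """256 bits from the OS CSPRNG, URL-safe base64 (43 chars)."""
    return secrets.token_urlsafe(32)


def build_session_cookie(session_id: str, max_age: int = 3600) -> str:
    """Return a Set-Cookie header value for a hardened session cookie.

    HttpOnly  - document.cookie cannot read it (blunts XSS session theft)
    Secure    - browser only sends it over TLS
    SameSite  - Strict: never attached to requests initiated by other sites,
                which is what makes the CSRF story simple for a same-origin app
    Max-Age   - bounded lifetime instead of a session cookie that lives until
                the browser closes
    """
    cookie = SimpleCookie()
    cookie[SESSION_COOKIE] = session_id
    morsel = cookie[SESSION_COOKIE]
    morsel["httponly"] = True
    morsel["secure"] = True
    morsel["samesite"] = "Strict"
    morsel["path"] = "/"
    morsel["max-age"] = max_age
    return morsel.OutputString()


def audit_set_cookie(header: str) -> list:
    """List the hardening attributes missing from a Set-Cookie header value.

    Attribute names are case-insensitive per RFC 6265, so compare lowercased.
    Returns an empty list when HttpOnly, Secure and a restrictive SameSite
    (Strict or Lax) are all present.
    """
    parts = [p.strip() for p in header.split(";")]
    attrs = {}
    for part in parts[1:]:  # parts[0] is name=value
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()

    missing = []
    if "httponly" not in attrs:
        missing.append("HttpOnly")
    if "secure" not in attrs:
        missing.append("Secure")
    if attrs.get("samesite", "").lower() not in ("strict", "lax"):
        missing.append("SameSite=Strict|Lax")
    return missing


if __name__ == "__main__":
    hardened = build_session_cookie(new_session_id())
    print("Set-Cookie:", hardened)
    print("hardened missing:", audit_set_cookie(hardened))
    print("weak missing:    ", audit_set_cookie(WEAK_EXAMPLE))
```

The audit helper is the piece worth wiring into a test suite: run it against the `Set-Cookie` headers your framework actually emits, since many frameworks default to `SameSite=Lax` or leave `Secure` off in development configs that then leak into production.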



