On Jun 17, 2014, at 09:34 AM, Joshua Cranmer 🐧 wrote:
The problem with OAuth is that a lot of its details are left up to the whims of the implementor, such as the location of its various endpoints or even what elements in the query are mandatory. Figuring out how to go from "email address" to "OAuth bearer token" is currently impossible without hardcoding a lot of mapping details.
Not to mention that there are lots of OAuth 1.x implementations out there (client and server), and it's a fairly easy protocol to understand. At a Python conference a few years ago I spoke with someone who resigned from the committee designing OAuth 2 due to lots of problems with the new spec, essentially ill you could imagine with a designed-by-committee new version. (In the music biz, we call this the sophomore slump. Great debut album, but all the good material got used up. :)
-Barry