Good description of OAuth from one of the folks there at the beginning. I think the author doesn't do a great job of answering the question in the concrete, though. This sibling comment does a lot better[0].
I'm partial to this piece[1], which I helped write. It covers the various common modalities of OAuth/OIDC. (It's really hard to separate them, to be honest; they're often conflated.) Was discussed previously on HN[2].
> It's all just a sprawling behemoth of a framework, because it tries to do everything.
I also interact with OAuth quite a bit at work. I also have dealt with SAML.
I'd pick OAuth over SAML any day of the week, and not just because OAuth (v2 at least) is 7 years younger.
It's also because OAuth, for all its sprawl, lets you pick and choose different pieces to focus on, and has evolved over time. The overall framework tries to meet everyone's needs, but accomplishes this via different specs/RFCs.
SAML, on the other hand, is an 800 page behemoth spec frozen in time. It tried to be everything to everyone using the tools available at the time (XML, for one). Even though the spec isn't evolving (and the WG is shut down) it's never going to go away--it's too embedded as a solution for so many existing systems.
I also don't know what could replace OAuth. I looked at GNAP but haven't seen anything else comparable to OAuth.
Fair point. As the author, I was explicitly looking at it in the context of technology or technology companies building communities around them. I was working in developer relations at that time, so building a community of practitioners around our software was a priority for me.
I didn't mean "community" in the general sense, though I have thoughts on how to build that too:
* show up
* be kind
* try to meet people where they are at, but have minimum engagement standards
* follow up and meet regularly
* leverage existing groups and communities (organizations like Rotary or friend groups) where possible
> Its PPC ad platform is completely predatory, loaded with dark patterns and hidden defaults that add billions to top-line revenue while strip-mining the accounts of sellers who often have no choice but to participate in the auctions.
At least they mark ads as 'sponsored', even though it isn't super prominent.
I always scroll until I see organic results, myself.
They mark some of them. Not all of them. Last article I read said 80% of placements on the search results page are paid ads. And they only mark like 4-5 of them as "sponsored"
reply