OAuth 2.0 – Spec?

It’s no surprise that Eren left the group.  Reading through the OAuth 2.0 spec I found this paragraph:

“OAuth 2.0 provides a rich authorization framework with well-defined security properties. However, as a rich and highly extensible framework with many optional components, on its own, this specification is likely to produce a wide range of non-interoperable implementations.”

Eh?  A security spec that will produce non-interoperable implementations is not a spec imho …

Leave a Reply

Your email address will not be published. Required fields are marked *


This site uses Akismet to reduce spam. Learn how your comment data is processed.