Hacker News

risyachka, last Wednesday at 11:00 PM

Yeah it’s not difficult if you know all the specs.

The issue is 99% don’t know them and are not very good at following them. And the cost of error is very high.

I’ve seen a lot of startups that failed to implement even Google OAuth securely.

So yeah, it’s a far cry from FUD, and you really should not do it unless you are actually good.


Replies

motorest, last Thursday at 4:37 AM

> Yeah it’s not difficult if you know all the specs.

I don't think this is a valid point. Specs only cover a single responsibility: interoperability. This is not a critical requirement of auth services, unless you have a hard requirement on federated auth.

fmbb, last Thursday at 12:38 AM

OAuth is very complicated and fuzzy though.

I am not surprised anyone makes mistakes trying to integrate it anywhere.

threatofrain, last Wednesday at 11:04 PM

But given that BetterAuth is an open source project with a large following, and also given that they just got funding so they can hire more help, now we can evaluate BetterAuth's competency in terms of their ability to coordinate help.
