From my experience, the blame lands on documentation and consistency at the implementation level. What should be a fairly simple process (redirect -> receive an HTTP request w/ code to exchange -> perform an HTTP request to exchange code for token) is always made into some esoteric spaghetti.
I recently wasted hours implementing OAuth login for Bitbucket because their docs have bad links, bad explanation of params to pass, and bad explanation of endpoints to hit. I implemented Github and Gitlab just before in ~30 minutes total, so it really is a YMMV by provider problem.
I recently wasted hours implementing OAuth login for Bitbucket because their docs have bad links, bad explanation of params to pass, and bad explanation of endpoints to hit. I implemented Github and Gitlab just before in ~30 minutes total, so it really is a YMMV by provider problem.