
Using [0] as a reference, I'm talking about Step 3. This is, in my experience, the "normal" way that people are setting up OAuth between 2 services, with a user going through the flow.

[1] includes info on this (see "flawed CSRF protection")

[0]: https://www.digitalocean.com/community/tutorials/an-introduc...

[1]: https://portswigger.net/web-security/oauth
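The problem the comment above points at (the "flawed CSRF protection" case in [1]) is easiest to see in code. Below is an added example, not code from the thread or from either linked tutorial: a minimal model of the client side of the authorization-code flow. The `Session`, `OAuthClient`, `begin_login` and `handle_callback` names are assumptions for illustration, not any library's API. With `check_state=False` the client accepts a callback URL that an attacker generated for their own account and then got the victim's browser to load; with `check_state=True` the same callback is rejected because the `state` value was never bound to the victim's session.

```python
"""
Added example (not from the original thread): the client side of the
OAuth 2.0 authorization-code flow, showing why `state` must be bound to
the user's session and verified in Step 3 (the redirect back to the app).
Names here (Session, OAuthClient, handle_callback) are illustrative only.
"""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlencode, urlparse, parse_qs


@dataclass
class Session:
    """Stand-in for a server-side session keyed by the user's cookie."""
    data: dict = field(default_factory=dict)


class OAuthClient:
    def __init__(self, client_id, authorize_url, redirect_uri, check_state=True):
        self.client_id = client_id
        self.authorize_url = authorize_url
        self.redirect_uri = redirect_uri
        self.check_state = check_state  # False models the flawed client

    def begin_login(self, session):
        """Build the redirect to the authorization server. A fresh,
        unguessable state is generated and stored in this user's session."""
        state = secrets.token_urlsafe(32)
        session.data["oauth_state"] = state
        params = {
            "response_type": "code",
            "client_id": self.client_id,
            "redirect_uri": self.redirect_uri,
            "scope": "profile",
            "state": state,
        }
        return f"{self.authorize_url}?{urlencode(params)}"

    def handle_callback(self, session, callback_url):
        """Step 3: the browser arrives at redirect_uri with ?code=...&state=...
        Returns the code to exchange, or raises if the state does not match
        the one stored in THIS user's session. The stored state is consumed
        (popped) so it cannot be replayed."""
        qs = parse_qs(urlparse(callback_url).query)
        code = qs.get("code", [None])[0]
        if code is None:
            raise ValueError("no authorization code in callback")
        if self.check_state:
            expected = session.data.pop("oauth_state", None)
            got = qs.get("state", [None])[0]
            if expected is None or got is None or not hmac.compare_digest(expected, got):
                raise ValueError("state mismatch: possible login CSRF")
        return code


def _client(check_state):
    # Constructed, hypothetical endpoints for the example.
    return OAuthClient("app123", "https://idp.example/authorize",
                       "https://app.example/callback", check_state=check_state)


def legitimate_flow():
    """Happy path: the same browser that started the login finishes it."""
    client = _client(check_state=True)
    user = Session()
    url = client.begin_login(user)
    state = parse_qs(urlparse(url).query)["state"][0]
    callback = f"https://app.example/callback?code=GOOD_CODE&state={state}"
    return client.handle_callback(user, callback)


def csrf_attempt(check_state):
    """The attacker starts their own login, captures the callback URL that
    carries THEIR code (and their state), and tricks the victim's browser
    into loading it. Returns ('accepted', code) or ('rejected', reason)."""
    client = _client(check_state)
    victim = Session()
    client.begin_login(victim)          # victim has their own pending state

    attacker = Session()
    client.begin_login(attacker)
    attacker_state = attacker.data["oauth_state"]
    forged = (f"https://app.example/callback"
              f"?code=ATTACKER_CODE&state={attacker_state}")
    try:
        return ("accepted", client.handle_callback(victim, forged))
    except ValueError as exc:
        return ("rejected", str(exc))
```

The flawed client binds `ATTACKER_CODE` to the victim's session, which is the account-linking attack in [1]. Note that the check only helps if the state is generated per login, stored server-side (or in a cookie the attacker cannot set), compared in constant time and consumed once; a static or predictable `state` value gives no protection.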



Aha! That makes sense! Yes, that can be a problem. We exclusively use a single (our own) IdP so it's less important for us. But good to know, as some future feature work will actually make this important.

Thanks!



