OAuth has become the de facto standard for authorization and authentication on the web. Nearly every company with an API used by third party developers has implemented OAuth to enable people to build apps on top of it.
While OAuth is a great framework for this, the way it has ended up being used is ...
In this last episode before David Shanske and I head to the Indieweb Summit in Portland, Oregon, we discuss updates to people’s Indieweb experience, little things David has hidden in plugins, web-signin vs IndieAuth, etc.
We’re both looking forward to seeing those of you who can join us in Portland.
It never occurred to me that people would be blaming @oauth_2 for the Facebook mess. Friendly reminder that OAuth is what lets you control *which* parts of your Facebook data apps get access to, and what lets you revoke that access, which you can do here: https://www.facebook.com/settings?tab=applications