One thing I've found very frustrating is the increasing use of OAuth2 for simple API use-cases (i.e. I have a service that needs to call an API to fetch some data, not on behalf of any user and there's no third party involved, a.k.a. a 2-party system that in theory should be entirely server-to-server).
In theory, you should be able to use client_credentials / 2-legged flow to simplify this, but many APIs don't support that, so you end up with an awkward flow where you are 2 of the 3 parties.