Why is OAuth still hard in 2023?

[ikiris]

You're free to handle a billion qps in authentication requests if you want. I don't suggest it.

[asdfman123]

Greatly reducing hosting costs at the expense of making someone else do a little more work sounds like a win to me.

[paulddraper]

Don't the clients have to do a billion qps as their retrieve access/refresh tokens from their data stores?

[migf]

Yeah, but it's a negligible rounding error of cpu time for each client.

Distributing this work ironically makes it much easier to centralize the authentication.