Hello! I am the author of this, never expected to see it here! I was extremely surprised when my friend mentioned it was on here and Hacker News wouldn't let me comment.
If anyone has questions or any feedback let me know as it is a work in progress! Thank you for all the kind words!
I'd love to see an explanation of the security implications of each flow. As I understand it the "most secure" flow is OAuth 1.0a (three-legged), but it's a total pain so it is mostly avoided. OAuth 2.0 is dramatically simpler, but there are bespoke additions (Google and Facebook come to mind) that you have to handle, typically in the name of security. I am ignorant of all the implications and would like a guide.
Great work. Thanks for all of this. I can't be the only one who has on more than one occasion waded through the technical descriptions of this topic and read code examples and still feels a bit lost, giving up and just using an existing library and crossing my fingers. I haven't read your entire doc yet but what I have is very nicely explained.
I think if more people understood it better we would all have a better shot at consistency in this regard. To that end you've made a great start. Cheers.