Tim Bray on the Deadness of OAuth 2:

[..] when­ever I get into a con­ver­sa­tion with some­one on the En­ter­prise side, even when I think I un­der­stand the prob­lem do­main, I lose the plot, and fast. The re­quire­ments these peo­ple claim to have around both au­then­ti­ca­tion and au­tho­riza­tion are so ar­cane and sub­tle and legacy-laden that you have to be a full-time pro­fes­sional to even un­der­stand them.
Also, some of them seem to exist to serve goals that seem to me like a good rea­son to short the stock of any com­pany want­ing that shit.
Maybe it’s just that I don’t un­der­stand, which usu­ally seems to be the case when I get into this ter­ri­tory. On the other hand, maybe they’re Doing It Wrong.

And this isn’t only the case for things like OAuth.