Tim Bray on the Deadness of OAuth 2:
[..] whenÂever I get into a conÂverÂsaÂtion with someÂone on the EnÂterÂprise side, even when I think I unÂderÂstand the probÂlem doÂmain, I lose the plot, and fast. The reÂquireÂments these peoÂple claim to have around both auÂthenÂtiÂcaÂtion and auÂthoÂrizaÂtion are so arÂcane and subÂtle and legacy-laden that you have to be a full-time proÂfesÂsional to even unÂderÂstand them.
Also, some of them seem to exist to serve goals that seem to me like a good reaÂson to short the stock of any comÂpany wantÂing that shit.
Maybe it’s just that I don’t unÂderÂstand, which usuÂally seems to be the case when I get into this terÂriÂtory. On the other hand, maybe they’re Doing It Wrong.
And this isn’t only the case for things like OAuth.