OAuth Bearer Tokens are a Terrible Idea
Eran Hammer
693

I just read what I was thinking all the time when implemeting OAuth 2.0 Spec. Loved the part “People don’t read spec, they follow market”. But we have to make sure that tokens are safer to use, rather than ignoring tokens altogether (Because cookies are restricted to Browsers and Mobile App development needed other ways to authenticate to servers and token provide that way with ease). I also feel that relying solely on SSL security is really stupid to start with.

Thanks for putting this article, a great read.

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.