Ask HN: Why is OAuth still hard in 2023?
Why do you think OAuth remains challenging even in the current technological landscape? Just yesterday, I came across a post discussing CVE-2023-28131, a vulnerability that has impacted hundreds of websites.
How can we address the recurring vulnerabilities and make OAuth more user-friendly and secure?
CVE-2023-28131 was published in April. But yes, great question. I think OpenID solves some of the issues, at least for authentication, not authorization.
Actually, the CVE-2023-28131 vulnerability was published with the full details just two days ago. In April Expo published a short post, but without too much technical information.
You can find more details about CVE-2023-28131 in the link I shared here: https://salt.security/blog/a-new-oauth-vulnerability-that-ma.... Thank you for bringing up the distinction, and I agree that OpenID can help address some of the issues, but not all of them... Could SAML solve them in your eyes?