Recently, Okta released an article titled “Nobody Cares About OAuth or OpenID Connect” that authoritatively stated that “Developers don’t care about OAuth or OpenID Connect”. I strongly disagree.
Their key takeaways are:
- The security community needs to keep developers safe
- Developers using OAuth and OpenID Connect client libraries is similar to them rolling their own crypto
- Client libraries should handle all of the authentication and authorization for developers, not just OAuth and OpenID Connect