DEV Community


Discussion on: Do you need OAuth/OAuth2/OpenID Connect?

neilmadden profile image
Neil Madden

Are you sure your hand-rolled protocol will resist replay attacks, Login CSRF, etc? There are good reasons why these protocols are complex.

mikerg profile image

I think whats being said is that OAuth/OpenID is harder than it should be to get going. I think is more a way to say - Here's a cheap way to create a place holder for OAuth so you dont loose 8-16 hours on a weekend tripped up over some small thing you forgot to tod. I'd rather spend 16 hours building out your cool idea and find out if THAT works and then put in OAuth when my idea is taking shape