Hacker News new | past | comments | ask | show | jobs | submit login

> What's nice about OAuth is that it allows the end user to control access to information and revoke access as needed.

One thing to know is that this is entirely up to the implementer. As others have noted, some sites do this, some don't. The concept of an access token having some "scope" of authorization is not limited to OAuth – there's no reason this can't be done with any other sort of authorization protocol. Bank security procedures are bad and they should feel bad but I'm not sure OAuth is the right solution.




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: