Previous discussion: <a href="https://news.ycombinator.com/item?id=5777102" rel="nofollow">https://news.ycombinator.com/item?id=5777102</a><p>From a security perspective, this is a horrible idea, adding a completely untrusted intermediary. OAuth.io will technically have access to all of your user data, and any security flaws that they have will impact your service and user data.
I think this is a step backward. The OAuth specs were designed to make it easier to work with different services and now we have to utilize yet another service to communicate with those services?! Via a priority protocol even!<p>As a developer, I understand the pain when you have to deal with more than a handful of providers but this approach is a no-go IMHO. Would be a better idea to use something like HybridAuth and handle everything from your servers.<p>Relevant xkcd: <a href="http://xkcd.com/927/" rel="nofollow">http://xkcd.com/927/</a><p>Apology to OP if this comment appears to be offensive.
Nice stuff! Definitely beats using Gigya or Janrain which cost quite a bit. This is the only part we were interested in anyway so...
Are you guys planning on adding services and maintaining the services for regular updates across all these services?
I clicked the login button on your oauth.io site' and I was surprised to see a basic email/password form. Why not use your own product to allow login through Facebook, twitter, github, etc?
This is not what I want in an OAuth provider.<p>Instead, someone should write a simple daemon I can execute http+json REST functions on to create and verify login cookies and transfer them back and forth to the user's browser using my webapp normally.<p>The daemon can be written in any language as long as it is not a JVM language.<p>I would write such a thing, but OAuth is somewhat confusing, and OAuth.io brings up a good point, a lot of the existing OAuth implementations are a bit flaky and if I just copy what they do/use them directly I risk inheriting that problem.
Anybody watch the little gif in the corner? Just kind of stared at it for a while, it never seems to end.<p>edit: Oh, the whole thing isn't a GIF. It just has a looping programmer gif and then puts some text around it. Maybe it will go on forever then :p<p>edit2: <a href="https://oauth.io/js/stubborn.js" rel="nofollow">https://oauth.io/js/stubborn.js</a>
So definitely does go on forever :p
So... Where can I find more information on what this is and how it works? There isn't even a description on the website on what oauth.io is, just a small code snippet. Why am I supposed to sign up for something I know nothing about? I was expecting at least a small video that explains how this all works and what it does for me.
I would recommend rolling your own consumers, or using one of the following libraries:<p>- <a href="http://hybridauth.sourceforge.net/" rel="nofollow">http://hybridauth.sourceforge.net/</a> (PHP)<p>- <a href="https://github.com/intridea/omniauth" rel="nofollow">https://github.com/intridea/omniauth</a> (Ruby)<p>Anybody have any equivalents for other languages?