Programmer Calls Out OAuth Providers for API Flaws
2024-12-12
A programmer publicly criticized several OAuth providers (GitHub, Facebook, TikTok, Strava, Naver, and others) for various API inconsistencies. Issues included incorrect status codes, non-standard error responses, inconsistent parameter naming, and flawed token expiration formats. The author urged these providers to rectify these problems, expressing particular confusion over Naver's design choices. The post also highlighted the lack of support for HTTP Basic authentication. The author later clarified that HTTP Basic authentication is optional in OAuth 2.1, but that most providers' lack of PKCE support renders them non-compliant with either specification.
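The classes of deviation listed above can be checked mechanically against RFC 6749 sections 5.1 and 5.2. The following is an added example, not code from the post or from any provider; the function name `check_token_response` and the sample responses are constructed for illustration.

```python
import json
import re

# The six token-endpoint error codes listed in RFC 6749 section 5.2.
RFC6749_ERRORS = {"invalid_request", "invalid_client", "invalid_grant",
                  "unauthorized_client", "unsupported_grant_type", "invalid_scope"}
STANDARD_PARAMS = {"access_token", "token_type", "expires_in", "refresh_token", "scope"}

def check_token_response(status, content_type, raw_body):
    """Return the deviations from RFC 6749 sections 5.1/5.2 found in one response."""
    findings = []
    if content_type.split(";")[0].strip().lower() != "application/json":
        findings.append("media type is not application/json")
    try:
        body = json.loads(raw_body)
    except ValueError:
        return findings + ["body is not JSON"]
    if not isinstance(body, dict):
        return findings + ["body is not a JSON object"]
    if "error" in body:
        err = body["error"]
        allowed = {400, 401} if err == "invalid_client" else {400}  # 401 only here
        if status not in allowed:
            findings.append(f"error returned with status {status}")
        if not isinstance(err, str):
            findings.append("error is not a string")
        elif err not in RFC6749_ERRORS:
            findings.append(f"error code {err!r} is not in RFC 6749 section 5.2")
        return findings
    if status != 200:
        return findings + [f"status {status} without an error member"]
    for key in body:
        snake = re.sub(r"(?<!^)(?=[A-Z])", "_", key).lower()  # camelCase -> snake_case
        if key not in STANDARD_PARAMS and snake in STANDARD_PARAMS:
            findings.append(f"{key!r} should be {snake!r}")
    for name in ("access_token", "token_type"):
        if not isinstance(body.get(name), str):
            findings.append(f"missing or non-string {name}")
    exp = body.get("expires_in")
    if exp is not None and (isinstance(exp, bool) or not isinstance(exp, (int, float))):
        findings.append("expires_in is not a JSON number of seconds")
    return findings

# Constructed sample responses (not captured from any provider).
SAMPLES = [
    (200, "application/json", '{"access_token":"t","token_type":"Bearer","expires_in":3600}'),
    (200, "application/json", '{"error":"code_expired"}'),
    (200, "application/json; charset=utf-8",
     '{"accessToken":"t","token_type":"Bearer","expires_in":"3600"}'),
]
```

A client that branches only on the HTTP status would treat the second sample as a successful token response, which is why the status code and the `error` member are checked together.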