> If you can get away with it, outsource identity management to Facebook / GitHu...

lewisl9029 · on July 11, 2015

The OAuth based OpenID Connect is for identity management.

Personally, I still prefer Persona's privacy-oriented approach to id management, but since Mozilla stopped pushing it, development has slowed quite a bit and widespread adoption will probably never happen.

https://www.mozilla.org/en-US/persona/

artmageddon · on July 10, 2015

I took that to mean use both identity management as well as OAuth.

balls187 · on July 10, 2015

1. Why use OAuth unless you want to grant 3rd parties access to your services data, on behalf of your customers?

2. Security best practices subject to "open for interpretation."

superuser2 · on July 10, 2015

While OAuth isn't "for" authentication, everyone uses it that way by "authorizing" access to "view your email address" which is as good as authenticating your email address.

balls187 · on July 11, 2015

Can you link to implementations that use OAuth in such a manner?

Login with FB, Google, Github, Twitter, etc different systems, separate from OAuth.

cpitman · on July 11, 2015

GitHub How To: https://developer.github.com/guides/basics-of-authentication... And the OpenID Connect standard (essentially OAuth V2 + identity service): http://openid.net/connect/

hello_there · on July 11, 2015

> Why use OAuth unless you want to grant 3rd parties access to your services data, on behalf of your customers?

So, what would you use instead?

avinassh · on July 12, 2015

> Why use OAuth unless you want to grant 3rd parties access to your services data, on behalf of your customers?

Can you explain me this? How Google will be able to access my service data?

ad-hominem · on July 10, 2015

I think he may have confused OAuth with OpenID (which are often used in a complementary fashion).