Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

> You're making a flawed assumption that just because a major email provider offers OAuth, that websites themselves will also integrate with that OAuth provider. Yahoo Mail supports OAuth, but that's not worth a damn if sites don't explicitly integrate with Yahoo and provide a "Sign in with Yahoo" button.

I'm not really sure I buy this premise. As a developer, it's my job to provide login options. I'm 100% on board with not providing a username / password option unless my bosses demand it and ignore my counterarguments. But I fail to see how the passwordless model is not just an equivalent case with using lots of OAuth2 plugins.

It's a neat system, don't get me wrong. I could see using it in addition to a typical suite of OAuth providers. But I don't see it as a drop-in, solve-everything replacement for OAuth2. It's really just a (node / express) library that approaches the same problems but exposes different implementation issues instead.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: