Quote:
Originally Posted by Quoth
OAuth is more about Google (or MS) tracking than adding real security.
|
Wrong in every aspect.
OAuth is a authorization protocol which can be and is implemented by more parties than just those two. There are even multiple OSS solutions which you can host yourself if you want to.
And it is real security on the protocol level (authorization against a 3rd party, in the sense of "not build-in authentication"). And it adds to authentication (which is not the same as authorization) when a multi-factor authentication is used (which is up to the config of the backend and doesn't need support at all in the client).