Behind the Curtain: OpenAPI and OAuth2.0

As we progress in developing our OpenAPI, we’ve come across many use cases that are similar to what lots of people have already done, i.e., giving a third-party app access to protected resources.
As such, we’ve decided to scrap our homegrown authentication scheme and go with OAuth2.0-style authentication instead.
This will allow users to enable and revoke access to the application on a per-user basis rather than for the application as a whole.
We are not set in stone on this and still have a ways to go in terms of development. If anyone has any experience with OAuth2.0 or any other authentication architecture, such as OpenID, and would like to share it, please feel free to comment below.
