Brad Olson

My feedback

  1. 19 votes
    under review  ·  2 comments  ·  Checkvist Web
    Brad Olson supported this idea  · 
  2. 58 votes
    6 comments  ·  Checkvist Web
    Brad Olson commented  · 

    Kirill, regarding oauth2 warnings from [Eran Hammer](http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/), I had a chance to sit down with Eran in 2014 and pick his brain a little further. My biggest takeaway from that is him saying something like, "The thing with security software is smart doesn't cut it. You have to have experience." When writing security libraries for hapi, he had budget to consult security experts. They caught a lot of little holes. Don't try to cobble your own stuff unless you have solid experience--yours or someone else's--at your disposal.

    It sounds like oauth2 was ruined by committee, but it still sees a ton of use by big companies. I found [this Stackexchange comment](https://security.stackexchange.com/questions/133065/why-is-it-a-bad-idea-to-use-plain-oauth2-for-authentication/133073#133073) helpful in understanding the misuse of oauth2.

    I would love to see some sort of SSO for checkvist, but only if it's secure. See my 2FA request.
