OAuth is frequently marketed as "more secure". But implementations often confuse... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		9cb14c1ec0 4 months ago \| parent \| context \| favorite \| on: Abusing Entra OAuth for fun and access to internal... OAuth is frequently marketed as "more secure". But implementations often confuse authentication with authorization, resulting in problems like this.

koakuma-chan 4 months ago [–]

I just say auth. You decide which one I mean.

tgv 4 months ago | [–]

I know it's a joke, but it's funny because it's (somewhat) true. To add to the confusion, sometimes one of them gets abbreviated "authn". That is so unhelpful.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact