OAuth: A Victim of Its Success

OAuth is supposed to be this like tightly limited scoped kind of like a permissions model, permissions granting model. Unfortunately, what happened was it was kind of a victim of its own success in the sense that if you all remember when sign in with Facebook button was first introduced. Ultimately, that abuse of the protocol was kind of resolved by creating a new protocol called open ID connect. It's just OAuth plus a fairly thin layer on top that kind of writes it for authentication use cases as well.