Thanks for sharing that, Mike. Blaine certainly has a relevant and important perspective. I was struck by this bit, though: "OIDC itself is an interesting thing – immediately after creating OAuth, we realized that we could compose OpenID's behaviour out of OAuth." It reminded me of a conversation I had with Vittorio, whose perspective I also consider relevant and important, where he referred to that composition, only partly in jest, as the "original sin." The layering of OIDC on top of OAuth has had benefits but has also been the source of seemingly endless confusion and downstream problems. It's worth noting, in the ol' email archives, that it hasn't been all puppies and rainbows.
On Sat, Feb 21, 2026, 10:31 AM Michael Jones <[email protected]> wrote:

> Read this insightful description of the core of what OAuth is by Blaine
> Cook, former lead developer for Twitter and one of the inventors of OAuth.
> Blaine was an OAuth working group chair when I first started working with
> the IETF in 2011 (when OAuth was still in the IETF Applications Area).
>
> Here’s his post “What is OAuth?
> <https://leaflet.pub/p/did:plc:3vdrgzr2zybocs45yfhcr6ur/3mfd2oxx5v22b>”
> and his LinkedIn article referencing it
> <https://www.linkedin.com/posts/blainecook_what-is-oauth-activity-7430814106888134656-eaeH/>.
>
> -- Mike
>
> _______________________________________________
> OAuth mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
