Why is OAuth still hard in 2023?

• comment-castles

  36 59 9.4 JavaScript

  Lightweight internet forum

I am in the middle of implementing an OAuth 2 server for my internet forum [0]. The last 10 or so commits are OAuth related. I read docs for about a month and now I feel like I can code it. One thing that confuses me is how it can work without a client secret (it's recommended to not use a client secret for SPAs and native smart phone apps).

[0] https://github.com/ferg1e/comment-castles

• zig-oauth2

  1 7 6.6 Zig

  HTTP handler functions to allow you to easily add OAuth2 login support to your Zig application

https://github.com/nektro/zig-oauth2

• SurveyJS

  surveyjs.io featured

  Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.

  

• oama

  2 92 6.4 Haskell

  OAuth credential Manager

• vegemite

  2 373 0.0 JavaScript

  A Pub/Sub state manager you'll love... or hate

For sure! There are some larger examples coming so that people can see it plugged into a more real-world application.

RE: onlogin, that method accepts a callback handler that is added to an internal/private array of callbacks to run once the `popup` or `redirect` sequence has finalized. It's the only externally-facing "doorway" into the OAuth flow. Everything else is inciting action (`popup()` and `redirect()`) or a read-out of the last-known payload (`last()`). It's actually very similar to a state manager I wrote a while back[1]. Callbacks are added via `$.on()` which assembles an internal `tree` map to be `dispatch`d once a change happens.

You've probably already seen the API docs for the btn.social SDK, but linking just in case[2]

[1]: https://github.com/lukeed/vegemite/blob/master/src/index.js

[2]: https://docs.btn.social/usage/#methods

Suggest a related project