9dev 7 days ago
A while ago, I set out to understand OAuth properly and built a fully compliant authorisation server on SvelteKit, following all relevant RFCs, simply by… reading them all. When you get used to the technical writing, it’s actually pretty straightforward—most of them actually document the endpoint structure and payloads, error codes, and so on. After that, the most complicated part is organizing your code to be modular and handle persistence right. I can really recommend doing this once, and once the pieces start to fall into place, you’ll be able to understand most OAuth issues you’ll ever come across!
centur 7 days ago
100% agree. Did the same back in early OAuth2 days, before main platforms got libraries and support (we were transitioning from OpenID 2.0, not yet OIDC). The OAuth2 spec is surprisingly straightforward and readable, coupled with a basic understanding of the ABNF that is used in all RFCs - it was a joy to read and implement. And this understanding also stuck with me for many years and helped massively in my career :).