I like OAuth 1.0 and I find it pretty good and secure. I'm not sure what changes they have made in OAuth 2.0, but I heard that they have eliminated some of the steps in it, and that doesn't sound equally secure to me. I read the blog of Eran Hammer, one of the leaders in designing the protocol, in which he mentioned that he does not favour OAuth 2.0 and even left the team - http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/
What are your thoughts on the security provided by OAuth 2.0 and its differences from OAuth 1.0? Just asking for your own opinion regarding the two.

--
View this message in context: http://cxf.547215.n5.nabble.com/OAuth-1-0-in-CXF-2-6-2-tp5713150p5713431.html
Sent from the cxf-user mailing list archive at Nabble.com.
