To piggyback off of Dan, I'd also mention that there's a few other benefits of using OAuth. OAuth allows allows you to delegate all sorts of auth features to an external IdP, instead of handling them yourself like:
* Password management
* SSO
* A bunch of other features and security (MFA, Forgot password, breached passwords, brute force, password validation, threat detection, account takeover protection, etc.)
Another benefit of OAuth is once you use the OAuth authorization code grant in your app, you can swap out IdPs. So, that delegation pattern is really helpful for offloading the extra work of building Auth, and it can "plug and play" into any IdP that supports it.
At the end of the day, OAuth is the protocol that lets you delegate all the auth code to an external auth provider, instead of trying to build it all yourself.
Hey vexcaustic, author of the article here. I agree, sometimes implementing OAuth2 can be rough. We promote it at FusionAuth because OAuth2 is standardized and secure, and has been tested in lots of different scenarios. I took a look at kratos, it looks sweet, thanks for the link. We've had some FusionAuth users use Ory OathKeeper with FusionAuth too. It is interesting to see the different solutions for user management and login security that are being developed.
* Password management * SSO * A bunch of other features and security (MFA, Forgot password, breached passwords, brute force, password validation, threat detection, account takeover protection, etc.)
Another benefit of OAuth is once you use the OAuth authorization code grant in your app, you can swap out IdPs. So, that delegation pattern is really helpful for offloading the extra work of building Auth, and it can "plug and play" into any IdP that supports it.
At the end of the day, OAuth is the protocol that lets you delegate all the auth code to an external auth provider, instead of trying to build it all yourself.