insane_coder writes "The general consensus till now has been that OAuth 2.0 was an overly complicated and misdesigned framework resulting from an 'unbridgeable conflict between the web and the enterprise worlds', where enterprise developers designed the framework completely contrary to the needs of the general web population.
New analysis demonstrates that the design of OAuth 2.0 runs completely counter to the needs of the enterprise market as well.
So if OAuth 2.0 isn't good for the web or the enterprise, who is it good for? And why is service after service switching to it, offering a confusing non-protocol, and crippling their capabilities?"