Welcome to my twentieth LaSalle Software News podcast.
This is Bob Bloom from Toronto, Canada.
Today is Thursday, April 01st, 2018.
I publish LaSalle Software News monthly, at the top of the month except for September, to update you on my LaSalle Software.
(The following is a transcript edited from the Amazon Web Services “Transcript” service, which I am using here for the first time. This transcript is definitely not word-for-word, so it is still preferable to listen to my podcast!).
I've been feeling like a sinner!
I’ve been feeling like not dealing with OAuth2 at all.
It's come to the point where I feel like it's too complicated. There's too much terminology. Too much for what LaSalle Software Version Two needs.
The thing is, you use a specification for security to cover all the security bases. It's tried, it's true. The vulnerabilities have been plugged up. You don't use your own thing because you are then starting from scratch. Why would you do that?
Well, OAuth2 is not a technology, is not an implementation. OAuth2 is a specification of how to do certain things.
What I want to do, what I’ve been feeling like is the way to go, even though it feels sinful, is to just take the pieces that I need — and ignore what I do not need.
So, instead of using packages that implement OAuth2 — I am very grateful that these packages exist that implement OAuth2 and JWT — just take the pieces that I need from these packages into my own package.
These packages are mysterious to me. I cannot follow everything. I cannot reverse engineer them completely. It's a real rabbit hole.
These packages have a lot of dependencies. They cover a lot of use cases, and there's much genericizing. So, I cannot follow specific flows.
There have been many times when I thought maybe I just do not understand what's going on. However, I have enough of an ego — sounds sinful doesn't it! — to know that I can understand this.
So I will be taking the best of what I need from these packages and putting them in my own packages, even though it feels sinful to not be using these packages which are tried and true for a lot of people.
I need to move on. At some point, enough research, enough reverse engineering, enough frustration.
I need an OAuth2 implementation that simplifies down to my specific needs.
I need software that is emphatically easy to follow, that is stripped of the stuff I do not need, and that has minimal dependencies.
So as sinful as it feels to stray from tried-and-true packages, it feels even more sinful to use packages that I do not feel comfortable using.
Have a profit of my profitable month!
You have been listening to a SouthLaSalleMEDIA.com production. Opinions expressed are not necessarily those of SouthLaSalleMEDIA dot com, nor of the organizations represented. Links and materials discussed on air are available in the Show Notes for this show. Information contained herein has been obtained from sources believed to be reliable, but is not guaranteed. Podcasts are released under a Creative Commons licence. Some rights are reserved. Email correspondence to the attention of Bob Bloom at info at SouthLaSalleMedia dot com.