Now it seems like most sites are using OAuth 1.0(a) with some using OAuth 2. I hate the complexity and multiple-round-trips required with OAuth, but it seems like it’s widely supported in most languages so implementation for end-developers isn’t that difficult. Though it looks like the OAuth 2 spec is still changing, so is it not recommended yet? I see a few larger sites are using it like Instagram and Reddit.
What is the latest word in vulnerabilities in OAuth related to implementing an OAuth provider?