Why is OAuth still hard in 2024?
Blog post from Nango
Many APIs implement their own interpretation of the OAuth standard, which leads to subtle differences and non-standard extensions. The result is a complex and error-prone experience for developers implementing OAuth flows. Even with standardized error messages, debugging OAuth flows is challenging because of missing documentation, outdated information, and API-specific quirks. Some APIs also require cumbersome approvals before allowing public access, and security best practices keep evolving, which makes OAuth a moving target for developers. To address these issues, the authors propose Nango, an open-source solution that provides prebuilt OAuth flows, secure token storage, and automatic token refreshes for over 250 OAuth APIs.