The Identity Provider Customization Cliff: When OAuth2 Is Overkill and SaaS IDPs Aren't Enough
The identity industry is stuck between SaaS IDPs that aren’t flexible enough and custom solutions that aren’t secure enough. And for a surprising number of applications, the entire OAuth2 token ceremony is overkill – a session cookie would do.