CFP: But this is an OAuth, is it not?

I applied to this speech at the end of December to both PyCon DE and PyCon Italy. I was accepted to both. I was accepted to PyCon DE sooner, so there is where I am going to present it.  

Title: But this is an OAuth, is it not? 

Tags: API, Authentication 

Elevator pitch (300 characters): 

OAuth simplified and secured third-party integrations for the end user. But for the developer of the integration, it can still present some friction. This talk talks about examples of real-life problems that were encountered by implementing multiple OAuth integrations. 


OAuth has been presented as a solution to the security issue of giving service username and password for third party integrations and it solved a lot of problems. It replaces the need to explain to people why we need their username and password,  it is easier for them to integrate, and they usually have sensible permissions so we do not need to ask for something we do not need. 

But creating these integrations can still bring problems. These can range from technical, team based and business related problems. From figuring out why the refresh flow no longer works after months to explaining to coworkers, why their solutions based on abstract understanding of the OAuth would not work to the dealing with people verifying your OAuth app. 

Our teams developed and maintained dozens of OAuth integrations. This talk is going to go through multiple real-world examples, when OAuth can still cause friction for the developer working on it. 

This talk does not assume any programming level or any Python knowledge. I will try to make it friendly to the OAuth beginners, but you will probably take more from the talk, if you had already tried to use OAuth before.