I've been working recently with OAuth2 and a few of the big guys like Login With Amazon, Facebook and GitHub. I keep thinking what an opportunity there was to get a real OAuth2 standard, and we (collectively) blew it. Instead we have a framework where the requests are different: yes, obviously each provider has a different domain, but the URL formats are vastly different. Much worse is the fact that the responses vary widely. Some providers return a 401 if the token is invalid, some return a 400, some also return JSON with vendor-specific keys and messages for more detail, and for all that do return JSON those formats vary widely as well.

Gah!