My talk “OAuth 2.0 and OpenID Connect in Plain English” recently crossed two million views on YouTube. I never expected it to be watched by so many people!
When I first started working in security and identity, I remember feeling buried under jargon: resource server, authorization server, scopes, JWKS, PKCE, ID tokens, access tokens. It was hard to build a mental picture of what was actually happening and how the pieces related to each other.
I first presented an early version of the material at Seattle Code Camp in 2017. It was still rough, but afterward I was bombarded with questions. That was the first sign that this talk was useful: I wasn’t the only developer who felt confused by this stuff.
By the time I presented it at Okta in 2018, I had practiced in front of large and small audiences. I was confident the material was solid, but I never imagined it would become the most-watched OAuth explainer in the world.
Why plain English matters
Earlier in my career, I believed that precision was the key to communication. If I used technically correct words and accurate terminology, I assumed my audience would understand.
I was wrong!
Precision and accuracy matter when writing specifications or code, but they are not the same thing as clarity. In fact, premature jargon often obscures the idea you are trying to explain.
One of the reasons I found security and identity topics so intimidating early on was that many explanations started with something like, “Given an RFC 6749-compliant authorization server, a confidential client can perform the following grant flow…”
I now strongly believe that communicating complex ideas in plainspoken, relatable language is the best way to reach a wide audience. That’s especially true when the audience is new to the topic, speaks a different first language, or simply comes from a different background.
I’m grateful to everyone who watched, shared, commented, and learned from this talk. More than anything, I’m deeply happy that I could help make a complex topic feel a little less intimidating.
And meanwhile, there is a whole lot of new stuff that could use some demystifying.
It’s time for another “Plain English” talk. I have a topic in mind…