Great question. We found that SAML doesn’t typically have great support on mobile devices [edit: had originally written browser here, hence the comments below], and since BuzzFeed has many remote employees around the world, we needed to support those workflows, so OAuth2 made more sense.

That doesn't make sense. SAML is only a bunch of POST and redirections as far as the browser is concerned. There is no specific support required from the browser.

IMO That's opposite of what I understand. The selling point of Oauth2 is SAML works great on web (mobile browsers included) but not so on apps.

I’ll correct my post above. I meant to say `mobile devices`, not `mobile browsers` . My bad.

The other reason, which I didn’t mention above, but is talked about in the blog post, is we decided to use bitly’s oauth2_proxy as a basis for our solution. This had been widely used in BuzzFeed (we had over 100 auth proxies in place prior to rolling out sso), and so the OAuth flow was something everyone was familiar with.