Securing an OAuth implementation is hard. There’ve been several appendices added to the spec that many developers are probably not aware of [0]. Remember to check for current best practices to learn about the latest mitigations and protocol updates!

[0] https://www.ietf.org/id/draft-ietf-oauth-security-topics-24....