Overview#All are that have or are thinking about OAuth 2.0 Security Concerns should review OAuth 2.0 Threat Model and Security Configurations. Confidentiality or Integrity of communications. That means you must protect HTTP communications using an additional layer. The usage of SSL/TLS (HTTPS) to encrypt the communication channel from the client to the server.
Token Life#The spec does not mandate the lifetime and scope of the issued Tokens. The implementation is free to have a Token live forever. Although most of the implementations provide us with short-lived Access Tokens and a Refresh Token, be sure to check the Token lifetime and scope.
More Information#There might be more information for this subject on one of the following:
Add new attachment
Only authorized users are allowed to upload new attachments.