Overview#OAuth 2.0 Security Considerations are Security Considerations that should be read and when applicable implemented when using OAuth 2.0.
OAuth 2.0 Security Considerations All are that have or are thinking about OAuth 2.0 Security Considerations should review OAuth 2.0 Threat Model and Security Configurations.Confidentiality or Integrity of communications. That means you must protect HTTP communications using an additional layer. The usage of SSL/TLS (HTTPS) to encrypt the communication channel from the client to the server.
Token Life#The spec does not mandate the lifetime and scope of the issued Tokens. The implementation is free to have a Token live forever. Although most of the implementations provide us with short-lived Access Tokens and a Refresh Token, be sure to check the Token lifetime and scope.
OAuth 2.0 Security Considerations Other #
- OAuth 2.0 Vulnerabilities
- OAuth Security Topics
- Internet Draft JSON Web Token Best Current Practices
- Internet Draft OAuth 2.0 JWT Secured Authorization Request
- Internet Draft OAuth 2.0 Authorization Server Metadata
- Explicit Endpoint