!!! Overview
[{$pagename}] are [Security Considerations] that should be read and, when applicable, implemented when using [OAuth 2.0].

[{$pagename}] is [{$applicationname}]'s catch-all for [OAuth 2.0], [OpenID Connect] and [User-Managed Access] [Security Considerations]:
* [OAuth 2.0 Vulnerabilities]
* [OAuth 2.0 Threat Model and Security Configurations]
* [OAuth 2.0 Security Best Current Practice]
* [Internet Draft] [JSON Web Token Best Current Practices]
* [Internet Draft] [OAuth 2.0 JWT Secured Authorization Request]
* [Internet Draft] [OAuth 2.0 Authorization Server Metadata]
* [Explicit Endpoint]
* [Covert Redirect Vulnerability]

!! [Confidentiality] and [Integrity]
The [OAuth 2.0] [protocol] does not itself provide [Confidentiality] or [Integrity] of communications: [Authorization Codes], [Access Tokens] and [Refresh Tokens] are carried as plain [HTTP] parameters and headers, so anyone who can observe or modify the channel can capture and replay them. You [MUST] therefore protect all [OAuth 2.0] [HTTP] communications with an additional layer, which in practice means [TLS] (HTTPS) on every endpoint involved: the [Authorization Endpoint], the [Token Endpoint], the client's redirect URI and any [Resource Server] endpoint that accepts a [Bearer Token]. The legacy [SSL] protocol versions are deprecated and should not be enabled.

Always use [HTTPS|TLS] for [OAuth 2.0]; it is the only way to guarantee message [Confidentiality] and [Integrity]!
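The following is an added example, not code from the original page or from any particular [OAuth 2.0] library: a client-side guard that refuses to use an endpoint from an [Authorization Server] metadata document unless it is reached over TLS (with the [RFC 8252] loopback exception for native-app redirect URIs), plus a TLS context that rejects the deprecated [SSL] and early [TLS] versions. The metadata document, hostnames and policy choices are constructed for illustration; no server is contacted.

```python
"""
Added example (not from the original page): refuse non-TLS OAuth 2.0 endpoints
and build a TLS client context with certificate verification and TLS >= 1.2.

Assumptions (hypothetical, for illustration): the endpoint URLs come from an
authorization-server metadata document the client has already fetched; the
sample metadata below is constructed and no network request is made.
"""
import ssl
from urllib.parse import urlsplit

# RFC 8252 lets a native app use plain http:// only for a redirect URI on the
# loopback interface. The OAuth 2.0 Security BCP says to use the loopback IP
# literals rather than the name "localhost", so that name is not accepted.
LOOPBACK_HOSTS = {"127.0.0.1", "::1"}


def require_tls(url: str, allow_loopback: bool = False) -> str:
    """Return url unchanged if it is https://, otherwise raise ValueError.

    allow_loopback=True applies the RFC 8252 exception for a native app's
    redirect URI (http://127.0.0.1:<port>/... or http://[::1]:<port>/...).
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme == "https":
        return url
    if parts.scheme == "http" and allow_loopback and host in LOOPBACK_HOSTS:
        return url
    raise ValueError(f"refusing non-TLS OAuth 2.0 endpoint: {url}")


def check_metadata(metadata: dict, redirect_uri: str, native_app: bool = False) -> dict:
    """Validate every endpoint this client will talk to and return the checked set."""
    checked = {}
    # These two are mandatory for the authorization code flow.
    for key in ("authorization_endpoint", "token_endpoint"):
        checked[key] = require_tls(metadata[key])
    # Optional endpoints are checked only when the server advertises them.
    for key in ("revocation_endpoint", "introspection_endpoint", "userinfo_endpoint"):
        if key in metadata:
            checked[key] = require_tls(metadata[key])
    checked["redirect_uri"] = require_tls(redirect_uri, allow_loopback=native_app)
    return checked


def tls_client_context() -> ssl.SSLContext:
    """TLS context for token and resource requests: chain and hostname
    verification on, nothing below TLS 1.2 (so SSLv3/TLS 1.0/TLS 1.1 are refused)."""
    ctx = ssl.create_default_context()             # CERT_REQUIRED + check_hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def tls_context_summary(ctx: ssl.SSLContext) -> dict:
    """Plain-data view of the settings that matter, for logging or assertions."""
    return {
        "min_version": ctx.minimum_version.name,
        "check_hostname": ctx.check_hostname,
        "verify_mode": ctx.verify_mode.name,
    }


# Constructed metadata document (illustrative; hostnames are hypothetical).
SAMPLE_METADATA = {
    "issuer": "https://as.example.com",
    "authorization_endpoint": "https://as.example.com/authorize",
    "token_endpoint": "https://as.example.com/token",
    "revocation_endpoint": "https://as.example.com/revoke",
}

if __name__ == "__main__":
    print(check_metadata(SAMPLE_METADATA, "https://app.example.com/cb"))
    print(tls_context_summary(tls_client_context()))
    try:
        check_metadata({**SAMPLE_METADATA, "token_endpoint": "http://as.example.com/token"},
                       "https://app.example.com/cb")
    except ValueError as e:
        print("rejected:", e)
```

Run the check once when the metadata is loaded and again if it is ever refreshed; a metadata document is itself an input an attacker may try to tamper with, so fetch it over TLS as well.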

!! Token Life
The specification does not mandate the lifetime or scope of issued [Tokens]: [RFC 6749] only RECOMMENDS that the [Token Endpoint] return an expires_in value, and an implementation is free to issue a [Token] that lives forever. Most implementations issue a short-lived [Access Token] together with a [Refresh Token], but a client [SHOULD] not assume this. Check the lifetime (expires_in, or the exp claim of a [JWT] [Access Token]) and the granted scope (the scope parameter, which the server may omit only when it is identical to the scope requested) of every [Token] received, and apply your own upper bound on how long a [Token] is used before it is refreshed.
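As an added example, not code from the original page or from any [OAuth 2.0] library, the following checks a token response the way a cautious client should: it flags a missing or over-long expires_in, computes a skew-adjusted expiry, and compares the granted scope with the requested scope. The policy limit (MAX_ACCESS_TOKEN_LIFETIME) and clock-skew allowance are this example's own assumptions, and the sample responses are constructed (the token strings are the placeholder values used in [RFC 6749]), not captured from a real server.

```python
"""
Added example (not from the original page): validate an OAuth 2.0 token
response (RFC 6749 section 5.1) before trusting the issued token.

Assumptions (hypothetical, for illustration): MAX_ACCESS_TOKEN_LIFETIME and
CLOCK_SKEW are this client's own policy values, and the sample responses
below are constructed rather than captured from a real authorization server.
"""
import time
from dataclasses import dataclass, field
from typing import List, Optional, Set

MAX_ACCESS_TOKEN_LIFETIME = 3600   # seconds; client policy, not a spec value
CLOCK_SKEW = 60                    # seconds taken off the lifetime to absorb clock drift


@dataclass
class TokenCheck:
    expires_at: Optional[float]          # absolute epoch seconds; None only if expires_in was malformed
    granted_scope: Set[str]
    downgraded_scope: Set[str]           # requested but not granted (allowed, but the caller must know)
    problems: List[str] = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.problems


def check_token_response(resp: dict, requested_scope: str, now: Optional[float] = None) -> TokenCheck:
    """Validate a token response against this client's expectations."""
    now = time.time() if now is None else now
    problems: List[str] = []

    if "access_token" not in resp:
        problems.append("no access_token in response")
    if str(resp.get("token_type", "")).lower() != "bearer":
        problems.append(f"unexpected token_type {resp.get('token_type')!r}")

    # Lifetime: expires_in is only RECOMMENDED by the spec, so its absence is
    # itself a finding; the client then caps the lifetime at its own maximum.
    expires_at: Optional[float] = None
    expires_in = resp.get("expires_in")
    if expires_in is None:
        problems.append("expires_in missing: lifetime unknown, capping at policy maximum")
        expires_at = now + MAX_ACCESS_TOKEN_LIFETIME - CLOCK_SKEW
    else:
        try:
            lifetime = int(expires_in)
        except (TypeError, ValueError):
            problems.append(f"expires_in is not an integer: {expires_in!r}")
        else:
            if lifetime <= 0:
                problems.append("token is already expired")
            elif lifetime > MAX_ACCESS_TOKEN_LIFETIME:
                problems.append(f"expires_in {lifetime}s exceeds policy maximum {MAX_ACCESS_TOKEN_LIFETIME}s")
            expires_at = now + lifetime - CLOCK_SKEW

    # Scope: the server may omit it only when it is identical to the request,
    # so a missing scope means "as requested". Extra scope is a finding;
    # reduced scope is permitted but reported so the caller can react.
    requested = set(requested_scope.split())
    granted = set(str(resp["scope"]).split()) if "scope" in resp else requested
    extra = granted - requested
    if extra:
        problems.append(f"server granted scope that was not requested: {sorted(extra)}")

    return TokenCheck(expires_at, granted, requested - granted, problems)


def needs_refresh(check: TokenCheck, now: Optional[float] = None) -> bool:
    """True once the skew-adjusted lifetime has run out (or was never known)."""
    now = time.time() if now is None else now
    return check.expires_at is None or now >= check.expires_at


# Constructed sample responses (illustrative, not captured from any server).
GOOD_RESPONSE = {
    "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "Bearer",
    "expires_in": 3600, "refresh_token": "tGzv3JOkF0XG5Qx2TlKWIA", "scope": "read",
}
NO_LIFETIME_RESPONSE = {"access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "Bearer"}
OVERBROAD_RESPONSE = {
    "access_token": "2YotnFZFEjr1zCsicMWpAA", "token_type": "Bearer",
    "expires_in": 365 * 24 * 3600, "scope": "read admin",
}

if __name__ == "__main__":
    for name, resp in (("good", GOOD_RESPONSE), ("no_lifetime", NO_LIFETIME_RESPONSE),
                       ("overbroad", OVERBROAD_RESPONSE)):
        c = check_token_response(resp, "read write")
        print(name, "ok" if c.ok else c.problems, "downgraded:", sorted(c.downgraded_scope))
```

A [JWT] [Access Token] carries its own exp claim; when the client is also the audience of that token, compare exp with expires_in and treat a disagreement as a finding too.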

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]