The IETF has updated the document "OAuth2 Security Best Current Practices" as of June 6, 2023. The document describes current security best practices for OAuth 2.0, updating and extending the OAuth 2.0 security threat model. It incorporates practical experience gained since the release of OAuth 2.0 and covers new threats that have become relevant due to the broader adoption of OAuth 2.0.
I came across this document, which can be accessed here, via the following tweet. In terms of readability, it's tough stuff (plain text with links). But maybe it is of interest to some readers.