OAuth 2.0 is being adopted by many enterprises and cloud service providers. It introduces a three party model that is new to many architects. This session will examine how to best use OAuth 2.0 optional features and avoid common mistakes that have left a number of large deployments open to trivial compromise.