[abritishguy]

OAuth is a framework not a protocol. The security it provides can vary greatly between implementations.

Fosite (which is what this is based on) is a very good implementation from a security perspective: https://github.com/ory-am/fosite#a-word-on-security