Not sure if this is news. The lead author of OAuth 2 resigned from the OAuth working group 2 years ago, citing all the security flaws inherent in the OAuth 2 spec.
Agreed; I thought that the general consensus was that OAuth2 was severely flawed (and why many sites stuck with OAuth1). Been a few years since I worked with OAuth though, so I could be wrong.