API Evangelist
API Evangelist LLC

OAuth (Authentication)

Require that OAuth usage meets standards set by authentication policies.

Strategies

API Authorization Is Properly Defined and Enforced

Authentication gets you in the door, but authorization determines what you can actually do once you are inside. I see a lot of APIs where this is fuzzy--roles are poorly defined, permissions are to...

API Authentication Is Standardized

Authentication is one of those building blocks where consistency matters more than almost anything else. OAuth, JWT, API keys with proper scopes--pick your standards and apply them uniformly. When ...