OAuth 2.0 Threat Model Template
A structured threat model for OAuth 2.0 and OIDC deployments: main threat vectors and an implementation checklist before go-live.
What's Inside
The template covers token leakage and storage, redirect manipulation, scope escalation, and client authentication. It also includes a checklist: PKCE for public clients, short-lived access tokens, secure refresh handling, and logging that does not expose tokens. For the full context, see our Identity, OAuth & OIDC pillar.
Get the template
Request the OAuth Threat Model template and we'll send it to you. For hands-on security engineering support, see our Security & Vulnerability Engineering services.