The OAuth working group recently decided to discourage use of the implicit grant. But that’s just the most prominent recommendation the working group is about to publish in the upcoming OAuth 2.0 Security Best Current Best Practice (https://tools.ietf.org/html/draft-ietf-oauth-security-topics), which will elevate OAuth security to the next level. The code flow shall be used with PKCE only and tokens should be sender constraint to just mention a few. Development of this enhanced recommendations was driven by several factors, including experiences gathered in the field, security research results, the increased dynamics and sensitivity of the use cases OAuth is used protect and technological changes. This session will present the new security recommendations in detail along with the underlying rationales.