Summary
OAuth 2.0 security is something that I recommend researching. There are lots of issues which are only limited to a single provider because they heavily modify the OAuth to suit their users; this tweaking leads to more bugs. This chapter dealt with the useful basics of OAuth and the different ways in which we could exploit OAuth security. There are some classic OAuth bugs, which I didn't cover here but I recommend you read about the state parameter OAuth2 CSRF.
There are certain techniques which came into existence recently and I suggest you go through them as they are at a nascent stage:
https://techzone.ergon.ch/oauth-307Redirect-idpMixUp
For further OAuth techniques, these websites are a must:
The next chapter is a guest chapter written by Mr. Pranav Hivarekar. The chapter mostly deals with methodologies involving testing Web APIs for security.
