Security best practices
Security is a never-ending battle. There are countless ways that a given application can be exploited. As engineers, our job is to minimize the attack vectors available to attackers. We can never cover all of the holes, but it is still our duty to try. What follows is a non-exhaustive list of security best practices that will help to keep your application as secure as possible.
Use TLS!
This may seem like an obvious tip, but it is important enough to note. Use secure communication channels! This applies for when your client application talks to service providers, as well as when the service providers talk to your client application.
When your client application talks to the service provider, it does so by interacting with their authorization and token endpoints. You must ensure that they utilize TLS so that your communication with them is secure and encrypted.
Tip
Make sure the service provider uses TLS
Verify that the authorization and token endpoints that your client...
