In this section, you’ll get to look at how everything can fall to pieces if it’s not implemented and deployed properly. While OAuth 2.0 is a security protocol, its use does not guarantee security on its own. Indeed, everything needs to be deployed and managed correctly. Additionally, some of the deployment choices in OAuth 2.0’s specification can lead to bad setups. Instead of giving you a false sense of security by telling you you’re using a solid security protocol (which you are), we’ll show you exactly where many of the pitfalls are and how to avoid them.