OpenID Connect & OAuth 2.0 - Security Best Practices

Explore OAuth 2.0 and OpenID Connect security best practices in this NDC Oslo 2020 conference talk. It traces how both protocols have evolved since their initial publication, examining known implementation weaknesses, anti-patterns, and emerging use cases in high-security environments such as open banking and healthcare. Learn how the IETF's Best Current Practice (BCP) documents update the original specifications and their threat model. The talk covers high-security OAuth, attacker models, changes to the authorization flows, client authentication, the handling of bearer tokens, and the mitigations the BCPs prescribe for the attacks they describe. It closes with the state of the OAuth 2.1 draft, which consolidates the original specification with the BCP recommendations, and explains how to apply these measures to API protection and identity management in modern applications.