So, your API is using OAuth 2.0?

Using the OAuth 2.0 protocol to secure your web APIs is a great choice. However, are you sure that your implementation is on par with the latest security guidelines and best practices? Have you ever tested how well it defends against actual threats?

OAuch is a compliance testing framework for the OAuth 2.0 protocol. It takes an in-depth look at how an implementation of an OAuth 2.0 authorization server adheres to the standards and mitigates known threats. OAuch generates a report based on the analysis of the tests and identifies potential weaknesses.

Continue without signing in

... or sign in with:

Google Microsoft

... or run OAuch on your own computer: