https://gluu.co/client-is-not-always-right → https://www.slideshare.net/gluu/the-client-is-not-always-right-how-to-secure-oauth-authentication-from-your-app