OAuth is an emerging open-web specification for a growing number of organizations to access protected resources on each other's web sites. This presentation is a focused study of this user-centric Identity technology and its security weaknesses. We will present concise scenarios of how insecure implementations of this protocol can be abused maliciously. We examine the characteristics of some of these attack vectors, with real-world examples, and discuss tips on secure implementation and countermeasures.