Serious security flaw in OAuth, OpenID discovered

So OAuth is broken too, and it is a design flaw that is practically impossible to fix.

Following in the steps of the OpenSSL vulnerability Heartbleed, another major flaw has been found in popular open-source security software. This time, the holes have been found in the login tools OAuth and OpenID, used by many websites and tech titans including Google, Facebook, Microsoft, and LinkedIn, among others.