We recently published Who Do You Trust? OAuth Client Application Trends
which looks at real-world trust of applications by users using Google Identity for authentication and approval. It highlights some of the common applications and permissions being requested.
Some questions for you:
- Are you aware of which OAuth client applications are being trusted by your users?
- Do you have good visibility into this data?
- Are you locking down your environment in any way e.g. not allowing users to grant consent or approve apps?
- What would help you understand and manage risk from oauth client applications?
