datatracker.ietf.org/doc/html/rfc9700
OAuth 2.0 Security Best Current Practice describes security requirements and other recommendations for clients and servers implementing OAuth 2.0.
More resources