There's more...

This recipe was written to be as straightforward as possible, but when configuring an OAuth 2.0 Provider, consider using a database instead of declaring all the client details using an in-memory database as we did.

We are also supposed to use TLS/SSL to protect any interaction between the client and OAuth 2.0 Provider components.