Pentesting OAuth 2.0 application authorization-1.pdf