Overview
In this one-hour conference talk from NDC Security in Oslo, Norway, Philippe De Ryck explores the evolution of OAuth 2.0 security for frontend applications. Learn how OAuth 2.0 can potentially expand attack surfaces when XSS vulnerabilities exist, and discover the journey that led De Ryck to become a co-author of the "OAuth 2.0 for browser-based apps" specification. Explore the nearly finalized RFC, understand specific threats posed by XSS vulnerabilities, and examine effective security enhancement strategies. Gain practical insights into implementing the Backend-For-Frontend (BFF) approach with minimal development impact. Walk away with comprehensive knowledge of OAuth 2.0 frontend security and actionable steps to secure sensitive applications.
Syllabus
Breaking and securing OAuth 2.0 in frontends at NDC Security - Philippe De Ryck - NDC Security 2025
Taught by
NDC Conferences