OAuth 2.0 is a widely adopted authorization protocol for APIs. Despite its maturity, new vulnerabilities continue to appear in popular OAuth implementations. In this presentation, we introduce a tool, called OAuch, that analyzes the security of OAuth authorization servers. We show how the tool can help you to test and secure your implementations. We also present the results of our OAuth ecosystem analysis, and identify lessons learned.