Questions for oauth-2.0