So it seems like we're going to need some OAuth CWEs, some initial thoughts:
- system providing OAuth doesn't filter special names, resulting in shenanigans
- system providing OAuth doesn't provide any context around what is actually requesting access (e.g. no URL, seriously, all these OAuth things I've given access to and just some random name and maybe an icon, I have no idea what some of them are)
Also it seems like homophone attacks could be a thing (especially combined with XSS on the legitimate site).