TLS

OAuth 2.0 removed signature-based security in favor of relying solely on TLS. Bearer tokens are not cryptographically bound to clients, making them inherently less secure if TLS is compromised.