- Added allowedOrigins to OAuthClient - Return 403 if Origin does not match a listed origin for the client