Client origin check
The OAuthClientOriginCheckFilter now checks that the HTTP request Origin header matches the one allowed for the client.
It currently does a check if allowedOrigins.isEmpty().
Please add the else part that will check that there is no Origin header. That means that this client may not be used from browsers.