One of the things about OAuth is that the user needs to check the website url where he is giving his credentials. Amusingly, many mobile apps seems to forget this important bit. The redirect me to a web ui inside the app itself and expect me to enter my password inside the app. I guess they thought this was a better user experience than handing over control to the browser :/