Best practices for OAuth2 will vary depending on the features and functionality you choose to implement. Consult your authorization server provider's website for specific recommendations. Consider participating in one of the many OAuth2 community organizations, for example, https://owasp.org.