While you may well get some takers, and some of them might even know what they're doing, you realize you're asking for something that is usually done by people who do this stuff professionally for hundreds of dollars per hour, right? It's like writing up a legal contract and posting it online and saying "do you think this will hold up in court?"
OK, training to be a security engineer doesn't take as long as training to be a lawyer. But there's *more* lawyers than there are security engineers, and our time is very much in demand (yes, I'm a security engineer; no, I will not audit your code for free unless I expect to have a use for it personally).
I'm not even sure what you mean by "OAuth app". OAuth is a standardized protocol (v2.0, RFC 6749, is more accurately described as a framework) for delegated authentication. For example, you've seen how a lot of web sites let you sign in using your Facebook account? That's because they use Facebook as an OAuth provider. The website delegates the responsibility of authenticating users to Facebook, which is handy for them because they don't have to handle passwords and so forth, handy for the user because many users already have FB accounts, and handy for FB because they gain information about what kinds of sites you visit and can use that to target ads. It also has downsides, of course; the OAuth client (web site) has to trust that FB knows what they're doing and to remain available, the user gives FB info they might not want FB to have and also ends up essentially re-using passwords across sites (a bad idea), and FB bears the cost and responsibility of managing all those logins.
Now, to make any authentication scheme (including but not limited to OAuth) stronger, you can multi-factor authentication (sometimes called two-factor auth or 2FA). The most common way of doing that is using Time-based One Time Password
(TOTP, standardized as RFC 6238) security tokens, either in small hardware devices or in mobile apps. Is that what this is supposed to be? Because... that has nothing to do with OAuth.
I have a hard time imagining a situation in which I'd use a TOTP generator written by somebody who didn't know the difference between TOTP and OAuth.
Win8/Windows RT projects:
List of desktop apps for hacked RT devices
Native Access WebServer and Libraries
WP8 Interop Unlocks
Storage Cleanup tool
XapHandler, Root Webserver, OEM Marketplace XAPs, Bookmarklets collection (Find On Page), Interop-unlock hacks.
Do not private message me with questions that should have been posted on the forum!
Not only are you wasting your time - I'm not going to bother writing an answer to such a question for only one person - but I will probably block you from PMing me in the future as well.