diff --git a/lib/oauth3.js b/lib/oauth3.js
index fc3bc6f..28ee6a9 100644
--- a/lib/oauth3.js
+++ b/lib/oauth3.js
@@ -165,6 +165,15 @@ function verifyToken(token) {
   });
 }
 
+function deepFreeze(obj) {
+  Object.keys(obj).forEach(function (key) {
+    if (obj[key] && typeof obj[key] === 'object') {
+      deepFreeze(obj[key]);
+    }
+  });
+  Object.freeze(obj);
+}
+
 function attachOauth3(req, res, next) {
   req.oauth3 = {};
 
@@ -210,6 +219,8 @@ function attachOauth3(req, res, next) {
       return PromiseA.resolve(sub || ppid);
     };
   }).then(function () {
+    deepFreeze(req.oauth3);
+    Object.defineProperty(req, 'oauth3', {configurable: false, writable: false});
     next();
   }, function (err) {
     res.send(err);