Do Yahoo and MS support OAuth 2.0? And a few questions about OAuth 2.0

I have a few questions ...

  • Do the Yahoo and Microsoft APIs support OAuth 2.0?
  • If so, what are the basic security measures to take care of when going from OAuth 1.0 to OAuth 2.0?
  • The Google API supports OAuth 2.0, but they still mark it as experimental. Is it good to start the migration, even if it is experimental?
  • I see that when registering a Google application (for OAuth 2.0), they request a callback URL. What if an application uses a state-specific callback URL such as:

    // Pick the callback URL depending on application state
    if ($myVar == NULL)
        $callbackUrl = 'http://www.mydomain.com/test.php?m=f&params=null';
    else
        $callbackUrl = 'http://www.mydomain.com/test.php?m=x&params=1';

How can I implement the above when the callback URL is already specified? The above condition basically handles the backup application model, or, if the browser supports Java, the Java-based application model. Please suggest.

  • Can I find out how many email-providing websites and social networks support OAuth 2.0?
+6
1 answer

1) Yahoo does not yet support OAuth2, only OAuth1.
Microsoft supports OAuth2. http://msdn.microsoft.com/en-us/library/hh243647.aspx

2) OAuth 2 is simpler because it uses SSL (HTTPS) for transport security, so signatures and token secrets are not needed. When you switch, you will need to re-implement the OAuth flow. I cannot come up with any security measures specifically applicable to upgrading from OAuth1 to OAuth2, but the specification details some security considerations in section 10 (the parts applicable to clients are 10.3, 10.4, 10.5, 10.6, 10.8 and 10.9).

3) The OAuth2 specification is not yet complete and is subject to change. You can start implementing the OAuth2 flow with Google, but keep in mind that it is possible that names or requirements for parameters, endpoints, etc. may change, and your application will break / you will need to make changes in the future. [Experimental functions] can be changed (or even deleted) at any time. It is probably a bad idea to use experimental (or beta) software in a critical production environment.
In addition, not all Google services support OAuth2 at the moment. E.g., if you want to use OAuth to access IMAP in Gmail, you now have to use OAuth1.

4) In the API console, you can specify multiple callback URLs for your OAuth2 application, one per line. An alternative would be to save your "m" and "params" parameters in a browser session / cookie and redirect to the correct page after authorization is complete.

Support (some revision of) OAuth2: Facebook, Microsoft / Live, Google (with the exceptions described above), Foursquare, GitHub, Gowalla, GeoLoqi, Salesforce.
Support only OAuth1: Yahoo, Flickr, Twitter.
Source

+9
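
The session-based alternative from point 4 of the answer, as an added example that is not part of the original post: one fixed callback URL is registered, the choice of "m" and "params" is kept in the server-side session next to a random OAuth2 `state` value, and the callback checks that value before redirecting to an allowlisted page. The authorization endpoint, client ID, target names and function names are placeholders assumed for illustration.

```php
<?php
// Added example: endpoint, client ID and all names are placeholders, not from the original post.
const AUTHORIZE_ENDPOINT = 'https://provider.example/oauth2/auth'; // placeholder
const CLIENT_ID          = 'YOUR_CLIENT_ID';                        // placeholder
const REDIRECT_URI       = 'http://www.mydomain.com/test.php';      // the one registered callback

// The only post-login destinations the application will ever redirect to.
const TARGETS = [
    'fallback' => ['m' => 'f', 'params' => 'null'],
    'java'     => ['m' => 'x', 'params' => '1'],
];

// Step 1: remember which destination was wanted, then build the authorization URL.
function buildAuthorizationUrl(array &$session, string $target): string
{
    if (!array_key_exists($target, TARGETS)) {
        throw new InvalidArgumentException('unknown target');
    }
    $state = bin2hex(random_bytes(16));          // unguessable, used once
    $session['oauth_state']  = $state;
    $session['oauth_target'] = $target;

    return AUTHORIZE_ENDPOINT . '?' . http_build_query([
        'response_type' => 'code',
        'client_id'     => CLIENT_ID,
        'redirect_uri'  => REDIRECT_URI,          // always the same, so registration matches
        'state'         => $state,
    ]);
}

// Step 2: on the callback, verify state and return the local URL to redirect to.
function resolveCallback(array &$session, array $query): string
{
    $expected = $session['oauth_state'] ?? '';
    $target   = $session['oauth_target'] ?? '';
    unset($session['oauth_state'], $session['oauth_target']); // one attempt per state

    if ($expected === '' || !is_string($query['state'] ?? null)
        || !hash_equals($expected, $query['state'])) {
        throw new RuntimeException('state mismatch: reject the callback');
    }
    // ...exchange $query['code'] for a token here...
    return REDIRECT_URI . '?' . http_build_query(TARGETS[$target]);
}

// Usage with PHP's native session (call session_start() first):
//   header('Location: ' . buildAuthorizationUrl($_SESSION, 'java'));
//   and, only when $_GET['code'] is present on the callback:
//   header('Location: ' . resolveCallback($_SESSION, $_GET));
```

Because the destination is looked up in the session rather than read from the callback's query string, a tampered callback cannot steer the final redirect, and a callback that carries no matching `state` is rejected.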

Source: https://habr.com/ru/post/891184/

