My organization is just beginning to externally expose services for our first native mobile application. We currently have a single sign-on (SSO) security infrastructure for our web applications. Recently, a consultant has strongly encouraged us to use OAuth instead of our existing solution, but I don't understand the value it plays when working entirely in a single security domain. We aren't planning to expose the services for third party consumption, and we have no plans to consume any services except our own. Is there a compelling reason to use OAuth over just extending our existing strategy?