Today I will not tell you about typical vulnerabilities in oauth: there is no csrf check, you can change the redirect_uri, and so on. You can easily find all this on the Internet, because many articles have been written about this.
I want to tell you about a feature that I very often meet in popular private programs. I want to say right away that you should have at least a basic understanding of oauth.
Sorry in advance for my english.
So, let’s say you have oauth on your project.
As you can see, this project uses authorization via ok.ru (a popular Russian social network). …